This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200704-11
(Vixie Cron: Denial of Service)
During an internal audit, Raphael Marichez of the Gentoo Linux Security
Team found that Vixie Cron has weak permissions set on Gentoo, allowing
for a local user to create hard links to system and users' cron files,
while a st_nlink check in database.c will generate a superfluous error.
Depending on the partitioning scheme and the 'cron' group membership, a
malicious local user can create hard links to system or users' cron
files that will trigger the st_nlink safety check and prevent the
targeted cron file from being run from the next restart or database
There is no known workaround at this time.
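An added example, not part of the plugin or the GLSA: a shell check for the condition described above, cron files whose link count (st_nlink) is greater than 1. The function names are hypothetical, and the search root and spool directories are arguments the caller supplies, since the page does not name the paths.

```shell
#!/bin/sh
# Added example: audit cron files for extra hard links (st_nlink > 1).
# Usage: script SEARCH_ROOT SPOOL_DIR [SPOOL_DIR...]   (paths are the caller's choice)

# List regular files under each directory whose link count exceeds 1.
find_hardlinked_crontabs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -links +1 -print 2>/dev/null
    done
}

# List the other names of FILE found under ROOT.
# Hard links cannot cross filesystems, so -xdev bounds the search.
other_names() {
    file=$1 root=$2
    inode=$(ls -di "$file" | awk '{print $1}')
    find "$root" -xdev -inum "$inode" ! -path "$file" -print 2>/dev/null
}

# Report each multiply-linked cron file with its link count and other names.
# Returns 0 when every file has exactly one link, 1 otherwise.
audit_cron_links() {
    root=$1; shift
    find_hardlinked_crontabs "$@" | {
        found=0
        while IFS= read -r f; do
            found=1
            printf 'ALERT %s nlink=%s\n' "$f" "$(ls -ln "$f" | awk '{print $2}')"
            other_names "$f" "$root" | sed 's/^/  also linked as: /'
        done
        [ "$found" -eq 0 ]
    }
}

# Run the audit only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    audit_cron_links "$@"
fi
```

SEARCH_ROOT should be the mount point of the filesystem that holds the spool directory, so that every possible link location is covered.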
All Vixie Cron users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-process/vixie-cron-4.1-r10'
Risk factor :
Low / CVSS Base Score : 2.1
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25056 (gentoo_GLSA-200704-11.nasl)
CVE ID: CVE-2007-1856