This script is Copyright (C) 2006-2010 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch
The remote host is missing the patch for the advisory SUSE-SA:2006:027 (cron).
Vixie Cron is the default CRON daemon in all SUSE Linux based
The code in do_command.c in Vixie cron does not check the return code
of a setuid call, which might allow local users to gain root privileges
if setuid fails in cases such as PAM failures or resource limits.
This problem is known to affect only distributions with Linux 2.6
kernels, but the package was updated for all distributions for
This problem is tracked by the Mitre CVE ID CVE-2006-2607.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now