MiracleLinux 3 : vixie-cron-4.1-81.AXS3 (AXSA:2012-254:01)

high Nessus Plugin ID 283925

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-254:01 advisory.

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron adds better security and more powerful configuration options to the standard version of cron.
Security issues fixed with this release:
CVE-2010-0424 The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
Fixed bugs:
A temporary NSS lookup failure often prevented the execution of cron jobs from users with home directories mounted on an LDAP server or NFS because such jobs would then be marked as orphaned. This update introduces the creation of an orphans database and cron jobs are performed as expected.
Previously, cron did not log any errors if a cron job file located in the /etc/cron.d/ directory contained invalid entries. This has been fixed and invalid entries in the cron job files now produce warning messages.
Previously, the @reboot crontab macro incorrectly ran jobs when the crond daemon was restarted. When used on several machines, all entries with the @reboot option were executed every time the crond daemon was restarted. This has been fixed and jobs are executed only when the machine is rebooted.
crontab is now compiled as a position-independent executable (PIE), which enhances the security of the system.
If the parent crond daemon was stopped but a child daemon was still running, the service crond status command incorrectly reported that crond was running. This has been fixed and the service crond status command now correctly reports that crond is stopped.
This update includes a corrected /etc/pam.d/crond file that exports environment variables correctly.
Setting pam variables via cron now works as documented in the pam(8) manual page.
Previously, if the crond daemon attempted to use the label modified by mcstransd and mcstransd was not running, crond used an incorrect label. Consequently, Security-Enhanced Linux (SELinux) denials filled up the cron log, no jobs were executed, and crond had to be restarted. This has been fixed by making mcstransd and crond use raw SELinux labels.
Fixed many typos in the crontab(1) and cron(8) manual pages.
Enhancement:
The crontab utility now uses Pluggable Authentication Module for user verification: it prevents users from accessing crontab, which was previously possible even if their access had been restricted. Crontab now returns an error message informing them that the PAM configuration prevents them from doing so.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected vixie-cron package.

See Also

https://tsn.miraclelinux.com/en/node/2746

Plugin Details

Severity: High

ID: 283925

File Name: miracle_linux_AXSA-2012-254.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2010-0424

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:vixie-cron

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/7/2012

Vulnerability Publication Date: 2/24/2010

Reference Information

CVE: CVE-2010-0424