Test ID:	1.3.6.1.4.1.25623.1.0.53566
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 054-1 (cron)
Summary:	The remote host is missing an update to cron;announced via advisory DSA 054-1.
Description:	Summary: The remote host is missing an update to cron announced via advisory DSA 054-1. Vulnerability Insight: A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access. This has been fixed in version 3.0pl1-57.3 (or 3.0pl1-67 for unstable). No exploits are known to exist, but we recommend that you upgrade your Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0559 BugTraq ID: 2687 http://www.securityfocus.com/bid/2687 Bugtraq: 20010507 Vixie cron vulnerability (Google Search) http://www.securityfocus.com/archive/1/183029 Debian Security Information: DSA-054 (Google Search) http://www.debian.org/security/2001/dsa-054 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3 SuSE Security Announcement: SuSE-SA:2001:17 (Google Search) http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html XForce ISS Database: vixie-cron-gain-privileges(6508) https://exchange.xforce.ibmcloud.com/vulnerabilities/6508
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.