Test ID:	1.3.6.1.4.1.25623.1.0.57416
Category:	SuSE Local Security Checks
Title:	SuSE Security Advisory SUSE-SA:2006:027 (cron)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory SUSE-SA:2006:027. Vixie Cron is the default CRON daemon in all SUSE Linux based distributions. The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. This problem is known to affect only distributions with Linux 2.6 kernels, but the package was updated for all distributions for completeness. This problem is tracked by the Mitre CVE ID CVE-2006-2607. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2006:027 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2607 BugTraq ID: 18108 http://www.securityfocus.com/bid/18108 Bugtraq: 20060525 rPSA-2006-0082-1 vixie-cron (Google Search) http://www.securityfocus.com/archive/1/435033/100/0/threaded http://security.gentoo.org/glsa/glsa-200606-07.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213 http://www.redhat.com/support/errata/RHSA-2006-0539.html http://securitytracker.com/id?1016480 http://secunia.com/advisories/20380 http://secunia.com/advisories/20388 http://secunia.com/advisories/20616 http://secunia.com/advisories/21032 http://secunia.com/advisories/21702 http://secunia.com/advisories/35318 SuSE Security Announcement: SUSE-SA:2006:027 (Google Search) http://www.novell.com/linux/security/advisories/2006-05-32.html https://usn.ubuntu.com/778-1/ http://www.vupen.com/english/advisories/2006/2075 XForce ISS Database: vixie-cron-docommand-gain-privilege(26691) https://exchange.xforce.ibmcloud.com/vulnerabilities/26691
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.