Debian Security Advisory DSA 024-1 (cron) Network Vulnerability

Summary

The remote host is missing an update to cron announced via advisory DSA 024-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20024-1

Insight

The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so can't be used to get access to /etc/shadow or something. crontab files are not especially secure anyway, as there are other ways they can leak. No passwords or similar sensitive data should be in there. We recommend you upgrade your cron packages.

Severity

Classification

CVE CVE-2001-0235
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Debian Security Advisory DSA 2661-1 (xorg-server - information disclosure)
Debian Security Advisory DSA 1136-1 (gpdf)
Debian Security Advisory DSA 2707-1 (dbus - denial of service)
Debian Security Advisory DSA 1035-1 (fcheck)
Debian Security Advisory DSA 2650-2 (libvirt - files and device nodes ownership change to kvm group)

Take action and discover your vulnerabilities