VID | 14060
Severity | 40
Port | 22
Protocol | TCP
Class | LSC
Detailed Description | The permissions or owner of the host's /etc/cron.d/cron.allow file are unsafe. crontab schedules recurring tasks in a multi-user environment, and each user's tasks are saved in files under /var/spool/cron/crontabs. Access to the cron daemon is controlled by /etc/cron.d/cron.allow and /etc/cron.d/cron.deny. Attackers commonly add backdoor programs to files that are executed by cron and at, so the files these programs run, and the files that control who may use them, should be write-protected.
- Accounts that are allowed to use cron are listed in cron.allow.
- Accounts that are not allowed to use cron are listed in cron.deny.
- If cron.allow exists, cron.deny is ignored.
* This check examines the file path specified in the Ministry of Security and Public Administration notice, supplement 2012-54. If the file exists at a different path, the result may be a false positive.
* Platforms Affected: UNIX, Linux
Recommendation | Reset the file's permissions to 640 or more restrictive:
chmod 640 /etc/cron.d/cron.allow
If the file is not owned by root, change its owner:
chown root /etc/cron.d/cron.allow
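The following audit script is an added example, not part of this record or of the scanner that produced it. It verifies the two conditions the check looks for (owner is root, mode grants nothing beyond 640) on /etc/cron.d/cron.allow and /etc/cron.d/cron.deny, and prints the matching chmod/chown fix for each finding. It assumes GNU coreutils `stat` (the `-c` format) and treats a file that is absent at this path as "skipped", mirroring the false-positive note in the description. The file name cron_acl_check.sh and the `--audit` flag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original advisory: audit owner and mode of the
# cron access-control files named in VID 14060.
# Assumes GNU coreutils `stat` (-c format) and that mode 0640 is the most
# permissive acceptable setting.

# check_cron_acl FILE [OWNER]
# Returns 0 when FILE is owned by OWNER (default root) and has no permission bit
# outside owner read/write and group read (mode 640 or tighter).
# Returns 1 on a finding and 2 when the file is absent or cannot be read.
check_cron_acl() {
    file=$1
    want_owner=${2:-root}
    rc=0
    if [ ! -e "$file" ]; then
        echo "SKIP $file: not present at this path (possible false positive, see description)"
        return 2
    fi
    mode=$(stat -c '%a' "$file") || return 2
    owner=$(stat -c '%U' "$file") || return 2
    # 07137 is every permission bit that 0640 does not grant: setuid/setgid/sticky,
    # owner execute, group write/execute, and all of "other". Any overlap is a finding.
    if [ $(( 0$mode & 07137 )) -ne 0 ]; then
        echo "FAIL $file: mode $mode is more permissive than 640 (fix: chmod 640 $file)"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owner is $owner, expected $want_owner (fix: chown $want_owner $file)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $file: mode $mode, owner $owner"
    fi
    return "$rc"
}

# audit_cron_acls: run the check over both control files.
# Returns 1 if any file produced a finding; a skipped (absent) file is not a finding.
audit_cron_acls() {
    status=0
    for f in /etc/cron.d/cron.allow /etc/cron.d/cron.deny; do
        r=0
        check_cron_acl "$f" || r=$?
        [ "$r" -eq 1 ] && status=1
    done
    return "$status"
}

# Run the audit only when invoked with --audit, so the functions can also be
# sourced into another script.
if [ "${1:-}" = "--audit" ]; then
    audit_cron_acls
fi
```

Run it as `sh cron_acl_check.sh --audit`; a non-zero exit status means at least one of the two files needs the chmod or chown from the recommendation above. Because the mode test masks bits rather than comparing numbers, 600 and 400 pass while 644 (world-readable) or 660 (group-writable) fail, which is what "640 or more restrictive" actually means.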
Related URL (CVE) |
Related URL (SecurityFocus) |
Related URL (ISS) |