VID |
14061 |
Severity |
40 |
Port |
22 |
Protocol |
TCP |
Class |
LSC |
Detailed Description |
The host system's /etc/cron.d/cron.deny file's permission or owner is unsafe. crontab is used for regular tasks under multi-systems environment. and tasks are saved by users to files under /var/spool/cron/crontabs. Access to deamons is controlled by /etc/cron.d/cron.allow and /etc/cron.d/cron.deny. attackers usually add backdoor programs to files which are run by cron and at command. therefore files that are run by these programs should be set for write protection
- account lists that allow cron are registered in cron.allow - account lists that don't allow cron are registered in cron.deny - if cron.allow exist, cron.deny is not available.
* The vulnerability checks a path of the file specified in the ministry of security and public administration notify in supplement of 2012-54. If the file exists in other route, it might be a false positive.
* Platforms Affected: UNIX, Linux |
Recommendation |
Reset permissions of the file lower than 640 as the following chmod 640 /etc/cron.d/cron.deny
if the owner of the file is not root, change the owner chown root /etc/cron.d/cron.deny |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|