Summary
The remote host is missing an update to cron
announced via advisory DSA 024-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20024-1
Insight
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so can't be used to get access to /etc/shadow or something. crontab files are not especially secure anyway, as there are other ways they can leak. No passwords or similar sensitive data should be in there.
We recommend you upgrade your cron packages.
Severity
Classification
-
CVE CVE-2001-0235 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities