
CVE-2001-0559

Published: 14/08/2001 Updated: 10/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

crontab in Vixie cron 3.0.1 and previous versions does not properly drop privileges after the failed parsing of a modification operation, which could allow a local malicious user to gain additional privileges when an editor is called to correct the error.

Vulnerable Product

paul vixie vixie cron

Vendor Advisories

A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. This was discovered by Sebastian Krahmer from SuSE. A malicious user could easily gain root access. This has been fixed in version 30pl1-573 (or 30pl1-67 for unstable). No exploits are known to exist, but we recommend that you upgrad ...

Exploits

source: www.securityfocus.com/bid/2687/info
Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times. When a parsing error occurs after a modification operation, crontab will fail to drop privileges correctly for subsequent modification operations. This vulnerability may be ...