Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0769

4 documents4 sources

Severity

7.2HIGH

EPSS

0.4%

top 40.52%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Caldera Openlinux Debian Debian Linux Paul Vixie Vixie Cron +1 more

Timeline

PublishedAug 25

Latest updateApr 30

Description

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDpaul_vixie/vixie_cron3.0_pl1

▶NVDredhat/linux7 versions+6

▶NVDcaldera/openlinux2.2

Also affects: Debian Linux 2.1, 2.2

🔴Vulnerability Details

GHSA

GHSA-9qf9-2h54-chr8: Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable↗2022-04-30

▶

CVEList

CVE-1999-0769: Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable↗2000-01-04

▶

💥Exploits & PoCs

Exploit-DB

Caldera OpenLinux 2.2 / Debian 2.1/2.2 / RedHat 6.0 - Vixie Cron MAILTO Sendmail↗1999-08-25

▶