Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2000-1096
5 documents, 4 sources
Severity
3.7 LOW
EPSS
0.4%
top 40.76%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 9
Latest update: Apr 30
Description
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
CVSS vector
AV:L/AC:H/C:P/I:P/A:P
Exploitability: 1.9 | Impact: 6.4
Affected Packages: 1 package
Patches
Vulnerability Details (2)
GHSA
GHSA-3h2g-8x7p-qmjq: crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the c… (2022-04-30)
CVEList
CVE-2000-1096: crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the c… (2001-01-22)