CVE-2001-0559
Published 2001-08-14
Priority: P4, 22
CVSS 2.0: 7.2 (high), AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.10% (61.5th percentile)
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paul_vixie | vixie_cron | <= 3.0.1 | — |
No detection rules found.
Exploit-DB
Vixie Cron crontab 3.0 - Privilege Lowering Failure (2)
exploitdb·2001-07-05
---
source: https://www.securityfocus.com/bid/2687/info
Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times.
When a parsing error occurs after a modification operation, crontab will fail to drop privileges correctly for subsequent modification operations.
This vulnerability may be exploited to gain root privileges locally.
```sh
#!/bin/sh
#
# cronboom - simple proof-of-concept exploit for vixie cron version 3.1pl1
#
# synopsis:
# the crontab file maintenance program (crontab) fails to drop privileges
# before invoking the editor under certain circumstances.
#
# description:
# a serialization error exists in some versions of the file maintenance
# program, crontab. t
```
Exploit-DB
Vixie Cron crontab 3.0 - Privilege Lowering Failure (1)
exploitdb·2001-05-07
---
source: https://www.securityfocus.com/bid/2687/info
Vixie cron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times.
When a parsing error occurs after a modification operation, crontab will fail to drop privileges correctly for subsequent modification operations.
This vulnerability may be exploited to gain root privileges locally.
```bash
#!/bin/bash
clear
echo ".-----------------------------------------------------------."
echo "| Marchew.Hyperreal presents: vixie crontab exploit #728371 |"
echo "|===========================================================|"
echo "| Sebastian Krahmer |"
echo "| Michal Zalewski |"
echo "\`-----------------------------------------------------
```
No writeups or analysis indexed.
http://www.debian.org/security/2001/dsa-054
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html
http://www.securityfocus.com/archive/1/183029
http://www.securityfocus.com/bid/2687
https://exchange.xforce.ibmcloud.com/vulnerabilities/6508