Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0559

5 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 59.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Paul Vixie Vixie Cron
Timeline
PublishedAug 14
Latest updateApr 30

Description

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: www.linux-mandrake.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-xxwc-wcp3-hfp4: crontab in Vixie cron 32022-04-30
CVEList
CVE-2001-0559: crontab in Vixie cron 32002-03-09

💥Exploits & PoCs

2
Exploit-DB
Vixie Cron crontab 3.0 - Privilege Lowering Failure (2)2001-07-05
Exploit-DB
Vixie Cron crontab 3.0 - Privilege Lowering Failure (1)2001-05-07
CVE-2001-0559 (HIGH CVSS 7.2) | crontab in Vixie cron 3.0.1 and ear | cvebase.io