Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bsdi | bsd_os | 2.1 |
| freebsd | freebsd | 2.1.0 |
| paul_vixie | vixie_cron | 3.0 |
| redhat | linux | * |
| netbsd | netbsd | 2.0.4 |
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| caldera | openlinux | 2.2 |
| redhat | linux | 4.2 |
| redhat | linux | 5.0 |
| redhat | linux | 4.0 |
| redhat | linux | 5.2 |
| redhat | linux | 6.0 |
| redhat | linux | 4.1 |
| debian | debian_linux | 2.2 |
| redhat | linux | 5.1 |
| debian | debian_linux | 2.1 |
| paul_vixie | vixie_cron | 3.0_pl1 |
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| caldera | openlinux | 2.2 |
| redhat | linux | 4.2 |
| redhat | linux | 5.0 |
| redhat | linux | 4.0 |
| redhat | linux | 5.2 |
| redhat | linux | 6.0 |
| redhat | linux | 4.1 |
| debian | debian_linux | 2.2 |
| redhat | linux | 5.1 |
| debian | debian_linux | 2.1 |
| paul_vixie | vixie_cron | 3.0_pl1 |
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| paul_vixie | vixie_cron | 3.0_pl1 |
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| paul_vixie | vixie_cron | * |
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| paul_vixie | vixie_cron | * |
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 4.0 |
| paul_vixie | vixie_cron | 4.1 |
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| paul_vixie | vixie_cron | 4.1 |
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59
Products Affected
| Vendor | Product | Version |
|---|---|---|
| paul_vixie | vixie_cron | * |
| fedorahosted | cronie | * |