VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 25, 1999· Updated Apr 16, 2026

CVE-1999-0768

CVE-1999-0768

Description

A buffer overflow vulnerability in Vixie Cron on older Red Hat and S.u.S.E. Linux systems can be exploited via the MAILTO environment variable to gain root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow vulnerability in Vixie Cron on older Red Hat and S.u.S.E. Linux systems can be exploited via the MAILTO environment variable to gain root privileges.

Vulnerability

A buffer overflow vulnerability exists in Vixie Cron versions shipped with Red Hat Linux 4.2, 5.2, and 6.0, as well as S.u.S.E. Linux 6.0 and 6.1. The vulnerability is triggered by overflowing a buffer in the cron_popen() function when the MAILTO environment variable is utilized. This flaw affects the default setuid root installation of the Vixie cron daemon [1].

Exploitation

An attacker with local access can exploit this vulnerability by crafting a malicious crontab file. This file should set the MAILTO environment variable to a specially crafted string containing shellcode, and then schedule a command that will execute the shellcode. The exploit involves creating a CrOn file, waiting for cron to process it, and then potentially executing commands as root [1].

Impact

Successful exploitation of this vulnerability allows a local attacker to execute arbitrary code with root privileges. Since the Vixie cron daemon is installed setuid root by default, this can lead to a full system compromise, granting the attacker complete control over the affected system [1].

Mitigation

This vulnerability affects specific older versions of Red Hat and S.u.S.E. Linux. It is recommended to upgrade to patched versions of the Vixie Cron daemon. Information on specific patched versions and release dates is not detailed in the provided references, but newer versions of Debian GNU/Linux are confirmed not to be vulnerable. No other workarounds are specified in the available references [1].

References
  1. RedHat Linux 4.2/5.2/6.0 / S.u.S.E Linux 6.0/6.1 - Cron Buffer Overflow (1)

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Red Hat/Linux3 versions
    cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*
    • cpe:2.3:o:redhat:linux:6.0:*:i386:*:*:*:*:*
  • SUSE S.A./Linux2 versions
    cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • Paul Vixie/Vixie Cronllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.