Vixie Cron
by Paul Vixie
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0559 | 0.03 | — | 0.01 | Aug 14, 2001 | crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error. | |||
| CVE-2000-1096 | 0.03 | — | 0.01 | Jan 9, 2001 | crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by… | |||
| CVE-1999-0768 | 0.03 | — | 0.02 | Aug 25, 1999 | Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable. | |||
| CVE-1999-0769 | 0.03 | — | 0.01 | Aug 25, 1999 | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | |||
| CVE-2010-0424 | 0.00 | — | 0.00 | Feb 25, 2010 | The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. | |||
| CVE-2007-1856 | 0.00 | — | 0.00 | Apr 18, 2007 | Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. | |||
| CVE-2006-2607 | 0.00 | — | 0.01 | May 25, 2006 | do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process… | |||
| CVE-2005-1038 | 0.00 | — | 0.01 | May 2, 2005 | crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. | |||
| CVE-2001-0560 | 0.00 | — | 0.01 | Aug 22, 2001 | Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). | |||
| CVE-1999-0872 | 0.00 | — | 0.00 | Aug 25, 1999 | Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. | |||
| CVE-1999-0297 | 0.00 | — | 0.00 | Dec 12, 1996 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. |
- CVE-2001-0559Aug 14, 2001risk 0.03cvss —epss 0.01
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
- CVE-2000-1096Jan 9, 2001risk 0.03cvss —epss 0.01
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by…
- CVE-1999-0768Aug 25, 1999risk 0.03cvss —epss 0.02
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.
- CVE-1999-0769Aug 25, 1999risk 0.03cvss —epss 0.01
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
- CVE-2010-0424Feb 25, 2010risk 0.00cvss —epss 0.00
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
- CVE-2007-1856Apr 18, 2007risk 0.00cvss —epss 0.00
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
- CVE-2006-2607May 25, 2006risk 0.00cvss —epss 0.01
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process…
- CVE-2005-1038May 2, 2005risk 0.00cvss —epss 0.01
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
- CVE-2001-0560Aug 22, 2001risk 0.00cvss —epss 0.01
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
- CVE-1999-0872Aug 25, 1999risk 0.00cvss —epss 0.00
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
- CVE-1999-0297Dec 12, 1996risk 0.00cvss —epss 0.00
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.