Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-1096

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2000-1096
Last Modified 10 Sep 2008 03:06:36
Published 09 Jan 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2000-1096

Summary

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Vulnerable Systems

Application

  • Paul Vixie Vixie Cron 3.0 Pl1


References

BID - 1960

XF - vixie-cron-execute-commands(5543)

BUGTRAQ - 20001116 vixie cron...


Last Updated: 27 May 2016 10:36:00