Vulnerabilities > CVE-2000-1096 - Unspecified vulnerability in Paul Vixie Cron 3.0Pl1
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | vixie-cron Local Root Exploit. CVE-2000-1096. Local exploit for linux platform |
| id | EDB-ID:203 |
| last seen | 2016-01-31 |
| modified | 2000-11-21 |
| published | 2000-11-21 |
| reporter | Michal Zalewski |
| source | https://www.exploit-db.com/download/203/ |
| title | vixie-cron Local Root Exploit |