Vulnerabilities > CVE-2001-0559 - Unspecified vulnerability in Paul Vixie Cron
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Vixie Cron crontab 3.0 Privilege Lowering Failure Vulnerability (1). CVE-2001-0559. Local exploit for linux platform id EDB-ID:20822 last seen 2016-02-02 modified 2001-05-07 published 2001-05-07 reporter Sebastian Krahmer source https://www.exploit-db.com/download/20822/ title Vixie Cron crontab 3.0 - Privilege Lowering Failure Vulnerability 1 description Vixie Cron crontab 3.0 Privilege Lowering Failure Vulnerability (2). CVE-2001-0559. Local exploit for linux platform id EDB-ID:20823 last seen 2016-02-02 modified 2001-07-05 published 2001-07-05 reporter cairnsc source https://www.exploit-db.com/download/20823/ title Vixie Cron crontab 3.0 - Privilege Lowering Failure Vulnerability 2
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-054.NASL description A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. This was discovered by Sebastian Krahmer from SuSE. A malicious user could easily gain root access. last seen 2020-06-01 modified 2020-06-02 plugin id 14891 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14891 title Debian DSA-054-1 : cron - local root exploit code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-054. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14891); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0559"); script_xref(name:"DSA", value:"054"); script_name(english:"Debian DSA-054-1 : cron - local root exploit"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. This was discovered by Sebastian Krahmer from SuSE. A malicious user could easily gain root access." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-054" ); script_set_attribute( attribute:"solution", value: "This has been fixed in version 3.0pl1-57.3 (or 3.0pl1-67 for unstable). No exploits are known to exist, but we recommend that you upgrade your cron packages immediately." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cron"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"cron", reference:"3.0pl1-57.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-050.NASL description A recent security fix to cron introduced a new problem with giving up privileges before invoking the editor. A malicious local user could exploit this to gain root access. last seen 2020-06-01 modified 2020-06-02 plugin id 13868 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13868 title Mandrake Linux Security Advisory : vixie-cron (MDKSA-2001:050) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2001:050. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13868); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2001-0559"); script_xref(name:"MDKSA", value:"2001:050"); script_name(english:"Mandrake Linux Security Advisory : vixie-cron (MDKSA-2001:050)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A recent security fix to cron introduced a new problem with giving up privileges before invoking the editor. A malicious local user could exploit this to gain root access." ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/frames/?content=/vdb/bottom.html?vid=2687" ); script_set_attribute( attribute:"solution", value:"Update the affected vixie-cron package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vixie-cron"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2001/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"vixie-cron-3.0.1-46.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"vixie-cron-3.0.1-46.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"vixie-cron-3.0.1-51.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.debian.org/security/2001/dsa-054
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
- http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html
- http://www.securityfocus.com/archive/1/183029
- http://www.securityfocus.com/bid/2687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6508