3 matches found
Mandrake Linux Security Advisory : vixie-cron (MDKSA-2001:050)
A recent security fix to cron introduced a new problem with giving up privileges before invoking the editor. A malicious local user could exploit this to gain root access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
CVE-2001-0559
The CVE-2001-0559 issue affects Vixie cron up to 3.0.1. crontab fails to drop privileges correctly after a failed parsing of a modification operation, potentially enabling a local attacker to gain additional privileges when an editor is invoked to fix the error. Publicly documented references (De...
CVE-2001-0559
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error...