Vixie Cron Security Vulnerabilities and Issues — Vixie Cron CVE List

Lucene search

Paul VixieVixie Cron

11 matches found

CVE•added 2010/02/25 7:30 p.m.•100 views

CVE-2010-0424

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

3.3CVSS7.2AI score0.00044EPSS

CVE•added 2006/05/25 8:2 p.m.•56 views

CVE-2006-2607

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in ...

7.2CVSS6.3AI score0.00044EPSS

CVE•added 2000/01/04 5:0 a.m.•54 views

CVE-1999-0769

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

7.2CVSS6.9AI score0.00148EPSS

CVE•added 2005/05/02 4:0 a.m.•54 views

CVE-2005-1038

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

2.1CVSS5.5AI score0.00102EPSS

CVE•added 2000/02/04 5:0 a.m.•51 views

CVE-1999-0872

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

7.2CVSS7.2AI score0.00063EPSS

CVE•added 2000/01/04 5:0 a.m.•50 views

CVE-1999-0297

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

7.2CVSS7.2AI score0.00063EPSS

CVE•added 2001/01/22 5:0 a.m.•45 views

CVE-2000-1096

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeabl...

3.7CVSS7.6AI score0.00184EPSS

CVE•added 2002/03/09 5:0 a.m.•42 views

CVE-2001-0559

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

7.2CVSS6.5AI score0.00186EPSS

CVE•added 2007/04/18 3:19 a.m.•40 views

CVE-2007-1856

Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.

2.1CVSS5.8AI score0.00051EPSS

CVE•added 2024/08/20 6:15 a.m.•40 views

CVE-2024-43688

cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.

7.3CVSS6.8AI score0.00087EPSS

CVE•added 2002/03/09 5:0 a.m.•34 views

CVE-2001-0560

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

4.6CVSS6.8AI score0.00216EPSS