CVE-2000-1096

vixie_cron - Arbitrary Command Execution via Predictable Temporary File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1096. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This exploit targets a race condition in Vixie Cron (CVE-2000-1096) to overwrite a user's crontab file with malicious content, leading to privilege escalation. It requires the target user (default: root) to execute 'crontab -e' or 'crontab /any/file' during the attack window.

Description

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michal Zalewski · bashlocallinux
https://www.exploit-db.com/exploits/203

This exploit targets a race condition in Vixie Cron (CVE-2000-1096) to overwrite a user's crontab file with malicious content, leading to privilege escalation. It requires the target user (default: root) to execute 'crontab -e' or 'crontab /any/file' during the attack window.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Vixie Cron (versions prior to fix)
No auth needed
Prerequisites: Vixie Cron installed · setuid crontab binary · writable /var/spool/cron directory · target user must execute crontab during attack
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5543
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1960

Scores

EPSS 0.0079
EPSS Percentile 51.3%

Details

Status published
Products (1)
paul_vixie/vixie_cron 3.0_pl1
Published Jan 09, 2001
Tracked Since Feb 18, 2026