CVE-2000-1096

crontab - Local Command Execution

Title source: llm

Description

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Zalewski · bashlocallinux

https://www.exploit-db.com/exploits/203

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1960

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5543

Scores

EPSS 0.0038

EPSS Percentile 59.3%

Details

Status published

Products (1)

paul_vixie/vixie_cron 3.0_pl1

Published Jan 09, 2001

Tracked Since Feb 18, 2026