Paul Vixie: >> Vixie Cron >> 3.0_pl1 Security Vulnerabilities
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
CVSS Score
3.7
EPSS Score
0.002
Published
2001-01-09
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-08-25
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-08-25