Paul Vixie: >> Vixie Cron >> 4.1 Security Vulnerabilities
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
CVSS Score
7.2
EPSS Score
0.0
Published
2006-05-25
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-02