Vulnerability Name:

CVE-1999-0872 (CCN-4096)

Assigned:1999-08-25
Published:1999-08-25
Updated:2008-09-09
Summary:Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-1999-023.0
serious security problem in cron

Source: MITRE
Type: CNA
CVE-1999-0768

Source: MITRE
Type: CNA
CVE-1999-0872

Source: CCN
Type: RHSA-1999:030-02
Buffer overflow in cron daemon

Source: DEBIAN
Type: Debian Security Advisory 19990830
cron: Root exploit in cron

Source: CCN
Type: OSVDB ID: 1058
Vixie Cron MAILTO Environement Variable Overflow

Source: CCN
Type: OSVDB ID: 7550
cron MAILTO Overflow Privilege Escalation

Source: CCN
Type: BID-602
Vixie Cron Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
611

Source: CCN
Type: BID-611
Vixie Cron MAILTO Sendmail Vulnerability

Source: BID
Type: UNKNOWN
759

Source: CCN
Type: BID-759
Skyfull Mail Server MAIL FROM Buffer Overflow Vulnerability

Source: CCN
Type: SuSE Security Announcement #15
cron-3.0.1-75 (Vixie Cron) and previous versions

Source: XF
Type: UNKNOWN
cron-sendmail-bo-root(4096)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:paul_vixie:vixie_cron:3.0_pl1:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:caldera:openlinux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:i386:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:redhat:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    paul_vixie vixie cron 3.0_pl1
    caldera openlinux 2.2
    debian debian linux 2.1
    debian debian linux 2.2
    redhat linux 4.0
    redhat linux 4.1
    redhat linux 4.2
    redhat linux 5.0
    redhat linux 5.1
    redhat linux 5.2
    redhat linux 6.0
    redhat linux 4.2
    debian debian linux *
    redhat linux 5.2
    suse suse linux 6.2
    caldera openlinux 2.2
    caldera openlinux 2.3
    suse suse linux 6.1