Vulnerability Description
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paul Vixie | Vixie Cron | <= 3.0.1.56 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.htmlExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.htmlPatchVendor Advisory
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY17048&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY17261&apar=only
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3PatchVendor Advisory
- http://www.osvdb.org/5583
- http://www.redhat.com/support/errata/RHSA-2001-014.htmlExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6098
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.htmlExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.htmlPatchVendor Advisory
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY17048&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY17261&apar=only
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3PatchVendor Advisory
- http://www.osvdb.org/5583
- http://www.redhat.com/support/errata/RHSA-2001-014.htmlExploitPatchVendor Advisory
FAQ
What is CVE-2001-0560?
CVE-2001-0560 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
How severe is CVE-2001-0560?
CVE-2001-0560 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0560?
Check the references section above for vendor advisories and patch information. Affected products include: Paul Vixie Vixie Cron.