Published: 2005-05-02 00:00:00
Revised: 2010-08-21 00:27:30

[Original] crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

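[CNNVD] Vixie Cron Crontab File Information Disclosure Vulnerability (CNNVD-200505-652)

        Vixie cron is a popular program for running commands on a schedule.
        An information disclosure vulnerability exists in Vixie cron crontab; a local attacker may be able to disclose users' crontab files.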

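- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]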

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:11104: crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file be...

- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(PATCH)  BID  13024
(VENDOR_ADVISORY)  BUGTRAQ  20050406 crontab from vixie-cron allows read other users crontabs
(UNKNOWN)  SGI  20060401-01-U

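- Vulnerability Information

Vixie Cron Crontab File Information Disclosure Vulnerability
Low severity; design error
2005-05-02 00:00:00 2005-10-20 00:00:00
        Vixie cron is a popular program for running commands on a schedule.
        An information disclosure vulnerability exists in Vixie cron crontab; a local attacker may be able to disclose users' crontab files.

- Advisories and Patches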


- Vulnerability Information

Vixie Cron crontab -e Option Arbitrary Cron File Disclosure
Information Disclosure
Loss of Confidentiality Patch / RCS
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-04-06 Unknown
2005-04-06 Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Vixie Cron Crontab File Disclosure Vulnerability
Design Error 13024
No Yes
2005-04-06 12:00:00 2007-04-20 09:31:00
Discovery is credited to Karol Więsek.

- Affected Program Versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
SuSE Linux Professional 10.2 x86_64
SuSE Linux Personal 10.2 x86_64
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Paul Vixie Vixie Cron 4.1
+ Red Hat Fedora Core3
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX

- Vulnerability Discussion

Vixie cron crontab is reported prone to an information-disclosure vulnerability that may allow local attackers to access users' crontab files.

Reportedly, this issue arises due to a design error resulting in the insecure creation of a temporary file in the '/tmp' directory. This occurs when crontab is executed with the '-e' option used for editing the current crontab.

Attackers may leverage this issue to access potentially sensitive data, which they may use to carry out further attacks against a computer.

Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported vulnerable. Other versions on different operating systems may be affected as well.

This issue may be specific to Red Hat operating systems and may be related to BID 1845 (HP-UX crontab /tmp File Vulnerability).
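The discussion above ties the disclosure to how the temporary edit copy in '/tmp' is handled, and the CVE text to that copy being turned into a symlink. The following C code is an added example, not Vixie cron's code or any vendor's fix, of a check a privileged tool can apply before reading an edited copy back by name; the function names and the '/tmp' templates are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reopen the edited copy by name. Refuse symlinks, non-regular files,
 * files not owned by the invoking user, and files with extra hard links.
 * Returns an open read-only descriptor, or -1 if any check fails. */
int reopen_edited_copy(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* fails on a symlink */
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the name, so the checks and the later
     * read refer to the same object even if the name changes again. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: a fresh mkstemp() copy is accepted; the same
 * name replaced by a symlink to another file is rejected. 1 on pass. */
int selfcheck(void) {
    char edit[] = "/tmp/crontab.XXXXXX";     /* constructed paths */
    char other[] = "/tmp/othercron.XXXXXX";
    int ok = 0, fd, efd = mkstemp(edit), ofd = mkstemp(other);
    if (efd >= 0) close(efd);
    if (ofd >= 0) close(ofd);
    if (efd >= 0 && ofd >= 0 &&
        (fd = reopen_edited_copy(edit, getuid())) >= 0) {
        close(fd);
        unlink(edit);
        if (symlink(other, edit) == 0)
            ok = (reopen_edited_copy(edit, getuid()) == -1);
    }
    unlink(edit);
    unlink(other);
    return ok;
}

int main(void) { return selfcheck() ? 0 : 1; }
```

The ownership and link-count checks are used instead of an inode comparison because some editors save by writing a new file over the old name.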

- Exploit

An exploit is not required.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

Please see the referenced advisories for more information and fixes.

Paul Vixie Vixie Cron 4.1

- Related References