CVE-2017-9525
Ubuntu Security Notice USN-5259-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
En el paquete cron hasta la versión 3.0pl1-128 en Debian, y hasta la versión 3.0pl1-128ubuntu2 en Ubuntu, el script de mantenimiento postinst permite la escalada de privilegios de grupo-crontab a root por medio de ataques de enlace simbólico (symlink) contra el uso no seguro de los programas chown y chmod.
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-09 CVE Reserved
- 2017-06-09 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/06/08/3 | Mailing List |
|
| http://www.securitytracker.com/id/1038651 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://bugs.debian.org/864466 | 2021-12-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cron Project Search vendor "Cron Project" | Cron Search vendor "Cron Project" for product "Cron" | <= 3.0pl1-128. Search vendor "Cron Project" for product "Cron" and version " <= 3.0pl1-128." | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Safe
|
| Cron Project Search vendor "Cron Project" | Cron Search vendor "Cron Project" for product "Cron" | <= 3.0pl1-128. Search vendor "Cron Project" for product "Cron" and version " <= 3.0pl1-128." | - |
Affected
| in | Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Safe
|
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||