CVE-2017-9525

Published: Jun 9, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugs.debian.org/864466

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2017/06/08/3

x_refsource_MISC

1038651

vdb-entry

x_refsource_SECTRACK

[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-9525

Description

Affected Products

References