[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2017-9525 -- cron vulnerability

Deprecated
ID: oval:org.secpod.oval:def:44761Date: (C)2018-03-21   (M)2023-12-20
Class: VULNERABILITYFamily: unix




In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

Platform:
Ubuntu 16.04
Ubuntu 17.10
Ubuntu 14.04
Ubuntu 18.04
Ubuntu 18.10
Product:
cron
Reference:
CVE-2017-9525
CVE    1
CVE-2017-9525
CPE    4
cpe:/o:ubuntu:ubuntu_linux:16.04
cpe:/a:cron_project:cron
cpe:/o:ubuntu:ubuntu_linux:14.04
cpe:/o:ubuntu:ubuntu_linux:17.10
...

© SecPod Technologies