CVE-2017-9525
First published: Fri Jun 09 2017(Updated: )
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cron Project Cron | <=3.0pl1-128. | |
| Canonical Ubuntu Linux | ||
| Debian Debian Linux | ||
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- vendor/cron project
- canonical/cron project cron
- version/cron project cron/3.0pl1-128.
- vendor/canonical
- canonical/canonical ubuntu linux
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0