In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
References
Link | Resource |
---|---|
http://bugs.debian.org/864466 | Issue Tracking Third Party Advisory Vendor Advisory |
http://www.openwall.com/lists/oss-security/2017/06/08/3 | Mailing List Third Party Advisory |
http://www.securitytracker.com/id/1038651 | Third Party Advisory VDB Entry |
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-09T16:00:00
Updated: 2021-10-30T21:06:39
Reserved: 2017-06-09T00:00:00
Link: CVE-2017-9525
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-06-09T16:29:02.110
Modified: 2021-12-16T18:44:58.590
Link: CVE-2017-9525
JSON object: View
Redhat Information
No data.
CWE