CVE-2019-9706

Published: 12/03/2019 Updated: 30/11/2021
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525)

Vulnerable Product

debian cron 3.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #809167 cron: CVE-2019-9706: use-after-free vulnerability Package: cron; Maintainer for cron is Javier Fernández-Sanguino Peña <jfs@debian.org>; Source for cron is src:cron (PTS, buildd, popcon) Reported by: Cron Daemon Use-After-Free Vulnerability May Cause Local Root Privilege Escalation <ora ...
Several security issues were fixed in Cron ...
USN-5259-1 and USN-5259-2 introduced a regression in Cron ...
Several security issues were fixed in Cron ...
Impact: Low Public Date: 2019-03-08 CWE: CWE-416 Bugzilla: 1687706: CVE-2019-9706 vixie-cron: use-after ...