cbcvebase.
CVE-2017-9525
published 2017-06-09

CVE-2017-9525: In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root…

PriorityP426medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.55%
41.9th percentile
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

Affected

13 ranges
VendorProductVersion rangeFixed in
cron_projectcron<= 3.0pl1-128.
cron_projectcron>= 0 < 3.0pl1-1293.0pl1-129
cron_projectcron>= 0 < 3.0pl1-1293.0pl1-129
cron_projectcron>= 0 < 3.0pl1-1293.0pl1-129
cron_projectcron>= 0 < 3.0pl1-1293.0pl1-129
cron_projectcron>= 0 < 3.0pl1-128.1ubuntu1.23.0pl1-128.1ubuntu1.2
cron_projectcron>= 0 < 3.0pl1-128.1ubuntu1.13.0pl1-128.1ubuntu1.1
cron_projectcron>= 0 < 3.0pl1-128ubuntu2+esm23.0pl1-128ubuntu2+esm2
cron_projectcron>= 0 < 3.0pl1-128ubuntu2+esm13.0pl1-128ubuntu2+esm1
debiancron< cron 3.0pl1-129 (bookworm)cron 3.0pl1-129 (bookworm)
debiandebian_linux
debiandebian_linux
debiansystemd-cron< cron 3.0pl1-129 (bookworm)cron 3.0pl1-129 (bookworm)

CVSS provenance

nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.7MEDIUM
vendor_debian6.7MEDIUM
vendor_ubuntu6.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.