CVE-2017-9525 - OpenCVE

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Cron Project	Cron
Debian	Debian Linux

Configuration 1 [-]

AND

cpe:2.3:a:cron_project:cron:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:canonical:ubuntu_linux::::::::
	cpe:2.3:o:debian:debian_linux::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/864466
http://www.openwall.com/lists/oss-security/2017/06/08/3
http://www.securitytracker.com/id/1038651
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-09T16:00:00

Updated: 2024-08-05T17:11:01.621Z

Reserved: 2017-06-09T00:00:00

Link: CVE-2017-9525

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-06-09T16:29:02.110

Modified: 2021-12-16T18:44:58.590

Link: CVE-2017-9525

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-30T21:06:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/864466"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2017/06/08/3"}, {"name": "1038651", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038651"}, {"name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"}, {"name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9525", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.debian.org/864466", "refsource": "MISC", "url": "http://bugs.debian.org/864466"}, {"name": "http://www.openwall.com/lists/oss-security/2017/06/08/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2017/06/08/3"}, {"name": "1038651", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038651"}, {"name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"}, {"name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:11:01.621Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/864466"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/06/08/3"}, {"name": "1038651", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038651"}, {"name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"}, {"name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9525", "datePublished": "2017-06-09T16:00:00", "dateReserved": "2017-06-09T00:00:00", "dateUpdated": "2024-08-05T17:11:01.621Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cron_project:cron:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3444166-4E36-4879-BAC9-A90E13FFE19F", "versionEndIncluding": "3.0pl1-128.", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "407BAF27-8E5E-49F3-9B83-2FDEEE87D981", "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."}, {"lang": "es", "value": "En el paquete cron hasta la versi\u00f3n 3.0pl1-128 en Debian, y hasta la versi\u00f3n 3.0pl1-128ubuntu2 en Ubuntu, el script de mantenimiento postinst permite la escalada de privilegios de grupo-crontab a root por medio de ataques de enlace simb\u00f3lico (symlink) contra el uso no seguro de los programas chown y chmod."}], "id": "CVE-2017-9525", "lastModified": "2021-12-16T18:44:58.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-09T16:29:02.110", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "Vendor Advisory"], "url": "http://bugs.debian.org/864466"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/06/08/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038651"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}