Vulnerability Details CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.1%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 6.9
References
- http://bugs.debian.org/864466
- http://www.openwall.com/lists/oss-security/2017/06/08/3
- http://www.securitytracker.com/id/1038651
- https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html
- http://bugs.debian.org/864466
- http://www.openwall.com/lists/oss-security/2017/06/08/3
- http://www.securitytracker.com/id/1038651
- https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html
Products affected by CVE-2017-9525
-
cpe:2.3:a:cron_project:cron:3.0pl1-128.
-
cpe:2.3:o:canonical:ubuntu_linux:-
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:10.04.1
-
cpe:2.3:o:canonical:ubuntu_linux:10.04.2
-
cpe:2.3:o:canonical:ubuntu_linux:10.04.3
-
cpe:2.3:o:canonical:ubuntu_linux:10.04.4
-
cpe:2.3:o:canonical:ubuntu_linux:10.10
-
cpe:2.3:o:canonical:ubuntu_linux:11.04
-
cpe:2.3:o:canonical:ubuntu_linux:11.10
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04.1
-
cpe:2.3:o:canonical:ubuntu_linux:12.04.2
-
cpe:2.3:o:canonical:ubuntu_linux:12.04.3
-
cpe:2.3:o:canonical:ubuntu_linux:12.04.4
-
cpe:2.3:o:canonical:ubuntu_linux:12.04.5
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.04
-
cpe:2.3:o:canonical:ubuntu_linux:13.10
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04.1
-
cpe:2.3:o:canonical:ubuntu_linux:14.04.2
-
cpe:2.3:o:canonical:ubuntu_linux:14.04.3
-
cpe:2.3:o:canonical:ubuntu_linux:14.04.4
-
cpe:2.3:o:canonical:ubuntu_linux:14.04.5
-
cpe:2.3:o:canonical:ubuntu_linux:14.04.6
-
cpe:2.3:o:canonical:ubuntu_linux:14.10
-
cpe:2.3:o:canonical:ubuntu_linux:15.04
-
cpe:2.3:o:canonical:ubuntu_linux:15.10
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04.1
-
cpe:2.3:o:canonical:ubuntu_linux:16.04.2
-
cpe:2.3:o:canonical:ubuntu_linux:16.04.3
-
cpe:2.3:o:canonical:ubuntu_linux:16.04.4
-
cpe:2.3:o:canonical:ubuntu_linux:16.04.5
-
cpe:2.3:o:canonical:ubuntu_linux:16.04.6
-
cpe:2.3:o:canonical:ubuntu_linux:16.10
-
cpe:2.3:o:canonical:ubuntu_linux:17.04
-
cpe:2.3:o:canonical:ubuntu_linux:17.10
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04.1
-
cpe:2.3:o:canonical:ubuntu_linux:18.04.2
-
cpe:2.3:o:canonical:ubuntu_linux:18.04.3
-
cpe:2.3:o:canonical:ubuntu_linux:18.04.4
-
cpe:2.3:o:canonical:ubuntu_linux:18.04.5
-
cpe:2.3:o:canonical:ubuntu_linux:18.04.6
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:canonical:ubuntu_linux:19.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:canonical:ubuntu_linux:20.10
-
cpe:2.3:o:canonical:ubuntu_linux:21.04
-
cpe:2.3:o:canonical:ubuntu_linux:21.10
-
cpe:2.3:o:canonical:ubuntu_linux:22.04
-
cpe:2.3:o:canonical:ubuntu_linux:22.10
-
cpe:2.3:o:canonical:ubuntu_linux:23.04
-
cpe:2.3:o:canonical:ubuntu_linux:23.10
-
cpe:2.3:o:canonical:ubuntu_linux:24.04
-
cpe:2.3:o:canonical:ubuntu_linux:4.10
-
cpe:2.3:o:canonical:ubuntu_linux:5.04
-
cpe:2.3:o:canonical:ubuntu_linux:5.10
-
cpe:2.3:o:canonical:ubuntu_linux:6.06
-
cpe:2.3:o:canonical:ubuntu_linux:6.06.1
-
cpe:2.3:o:canonical:ubuntu_linux:6.06.2
-
cpe:2.3:o:canonical:ubuntu_linux:6.10
-
cpe:2.3:o:canonical:ubuntu_linux:7.04
-
cpe:2.3:o:canonical:ubuntu_linux:7.10
-
cpe:2.3:o:canonical:ubuntu_linux:8.04
-
cpe:2.3:o:canonical:ubuntu_linux:8.04.1
-
cpe:2.3:o:canonical:ubuntu_linux:8.04.2
-
cpe:2.3:o:canonical:ubuntu_linux:8.04.3
-
cpe:2.3:o:canonical:ubuntu_linux:8.04.4
-
cpe:2.3:o:canonical:ubuntu_linux:8.10
-
cpe:2.3:o:canonical:ubuntu_linux:9.04
-
cpe:2.3:o:canonical:ubuntu_linux:9.10
-
cpe:2.3:o:debian:debian_linux:-
-
cpe:2.3:o:debian:debian_linux:0.9.1
-
cpe:2.3:o:debian:debian_linux:0.9.2
-
cpe:2.3:o:debian:debian_linux:0.9.3
-
cpe:2.3:o:debian:debian_linux:0.9.4
-
cpe:2.3:o:debian:debian_linux:0.93
-
cpe:2.3:o:debian:debian_linux:1.1
-
cpe:2.3:o:debian:debian_linux:1.2
-
cpe:2.3:o:debian:debian_linux:1.3
-
cpe:2.3:o:debian:debian_linux:1.3.1
-
cpe:2.3:o:debian:debian_linux:10
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:12.0
-
cpe:2.3:o:debian:debian_linux:13.0
-
cpe:2.3:o:debian:debian_linux:2.0
-
cpe:2.3:o:debian:debian_linux:2.0.34
-
cpe:2.3:o:debian:debian_linux:2.0.5
-
cpe:2.3:o:debian:debian_linux:2.1
-
cpe:2.3:o:debian:debian_linux:2.1.8.8.p3-1.1
-
cpe:2.3:o:debian:debian_linux:2.2
-
cpe:2.3:o:debian:debian_linux:2.3
-
cpe:2.3:o:debian:debian_linux:2.5.2-1
-
cpe:2.3:o:debian:debian_linux:2.5.3-16
-
cpe:2.3:o:debian:debian_linux:2.5.3-3
-
cpe:2.3:o:debian:debian_linux:3.0
-
cpe:2.3:o:debian:debian_linux:3.0.18
-
cpe:2.3:o:debian:debian_linux:3.0.23
-
cpe:2.3:o:debian:debian_linux:3.1
-
cpe:2.3:o:debian:debian_linux:3.2.4
-
cpe:2.3:o:debian:debian_linux:4.0
-
cpe:2.3:o:debian:debian_linux:5.0
-
cpe:2.3:o:debian:debian_linux:5.0.9
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:6.0.14
-
cpe:2.3:o:debian:debian_linux:6.2
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:7.1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:debian:debian_linux:9.2