Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.891723
Kategorie:Debian Local Security Checks
Titel:Debian LTS: Security Advisory for cron (DLA-1723-1)
Zusammenfassung:Various security problems have been discovered in Debian's CRON scheduler.;;CVE-2017-9525;; Fix group crontab to root escalation via the Debian package's; postinst script as described by Alexander Peslyak (Solar Designer) in; the linked references.;;CVE-2019-9704;; DoS: Fix unchecked return of calloc(). Florian Weimer discovered that; a missing check for the return value of calloc() could crash the; daemon, which could be triggered by a very large crontab created by a; user.;;CVE-2019-9705;; Enforce maximum crontab line count of 1000 to prevent a malicious; user from creating an excessivly large crontab. The daemon will log a; warning for existing files, and crontab(1) will refuse to create new; ones.;;CVE-2019-9706;; A user reported a use-after-free condition in the cron daemon,; leading to a possible Denial-of-Service scenario by crashing the; daemon.
Beschreibung:Summary:
Various security problems have been discovered in Debian's CRON scheduler.

CVE-2017-9525

Fix group crontab to root escalation via the Debian package's
postinst script as described by Alexander Peslyak (Solar Designer) in
the linked references.

CVE-2019-9704

DoS: Fix unchecked return of calloc(). Florian Weimer discovered that
a missing check for the return value of calloc() could crash the
daemon, which could be triggered by a very large crontab created by a
user.

CVE-2019-9705

Enforce maximum crontab line count of 1000 to prevent a malicious
user from creating an excessivly large crontab. The daemon will log a
warning for existing files, and crontab(1) will refuse to create new
ones.

CVE-2019-9706

A user reported a use-after-free condition in the cron daemon,
leading to a possible Denial-of-Service scenario by crashing the
daemon.

Affected Software/OS:
cron on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
3.0pl1-127+deb8u2.

We recommend that you upgrade your cron packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-9525
http://bugs.debian.org/864466
http://www.openwall.com/lists/oss-security/2017/06/08/3
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
http://www.securitytracker.com/id/1038651
Common Vulnerability Exposure (CVE) ID: CVE-2019-9704
BugTraq ID: 107373
http://www.securityfocus.com/bid/107373
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/
https://salsa.debian.org/debian/cron/commit/f2525567
Common Vulnerability Exposure (CVE) ID: CVE-2019-9705
BugTraq ID: 107378
http://www.securityfocus.com/bid/107378
https://salsa.debian.org/debian/cron/commit/26814a26
Common Vulnerability Exposure (CVE) ID: CVE-2019-9706
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html
https://salsa.debian.org/debian/cron/commit/40791b93
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.