Bug 1043768 - (CVE-2017-9525) VUL-0: CVE-2017-9525: cron: postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/186528/
Depends on:
Blocks:
Reported: 2017-06-12 05:43 UTC by Victor Pereira
Modified: 2017-10-26 06:16 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Victor Pereira 2017-06-12 05:43:11 UTC
CVE-2017-9525

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2
on Ubuntu, the postinst maintainer script allows for group-crontab-to-root
privilege escalation via symlink attacks against unsafe usage of the chown and
chmod programs.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9525
http://seclists.org/oss-sec/2017/q2/451
http://www.openwall.com/lists/oss-security/2017/06/08/3
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9525.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864466
http://www.cvedetails.com/cve/CVE-2017-9525/
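The weakness the CVE text describes is a maintainer script running chown/chmod on files in a directory that an unprivileged group can write to, so that a planted symlink redirects the ownership or mode change to an unrelated file. The following is an added shell example, not code from the Debian/Ubuntu cron postinst, the SUSE packages or this bug report: a fix-up function that refuses to act on anything that is not a regular, non-symlinked file, shown beside a throwaway spool directory containing one real crontab and one planted link. The function name, the paths and the use of the current user as owner (so the demo runs unprivileged; a real postinst would use something like root:crontab) are all hypothetical.

```shell
#!/bin/sh
# Added example (not from any cron package's postinst or from this bug):
# a postinst-style permission fix-up that does not follow symlinks.
# fixup_perms, the spool layout and the owner value are hypothetical.

# fixup_perms PATH OWNER MODE
# Applies OWNER and MODE to PATH only when PATH is a regular file that is
# not a symlink. Returns 0 on success, 1 when PATH is skipped as unsafe.
fixup_perms() {
    path=$1 owner=$2 mode=$3
    # 'test -L' is evaluated on the link itself, so a symlink planted in a
    # group-writable spool is detected before chown/chmod run; the -L test
    # must come first because 'test -f' follows the link to its target.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "skipping $path: not a regular file" >&2
        return 1
    fi
    chown "$owner" "$path" && chmod "$mode" "$path"
}

# demo: constructed spool with one real crontab and one planted symlink
demo() {
    spool=$(mktemp -d)
    printf '* * * * * true\n' > "$spool/alice"   # a genuine crontab
    : > "$spool/target"                          # stands in for a file outside the spool
    chmod 600 "$spool/target"
    ln -s "$spool/target" "$spool/bob"           # planted where a crontab is expected
    me=$(id -un)                                 # current user instead of root so this runs unprivileged
    fixup_perms "$spool/alice" "$me" 600 && echo "alice: permissions fixed"
    fixup_perms "$spool/bob" "$me" 666 || echo "bob: refused, symlink not followed"
    ls -l "$spool/target"                        # still mode 0600: the target was never touched
    rm -rf "$spool"
}

demo
```

The same guard generalises to loops over a spool directory: iterate with `find "$spool" -maxdepth 1 -type f` (which does not match symlinks) and pass each result through the function, rather than globbing and calling chown/chmod directly.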
Comment 1 Victor Pereira 2017-06-12 13:52:42 UTC
Probably not affected.
Comment 2 Kristyna Streitova 2017-08-29 09:31:06 UTC
(In reply to Victor Pereira from comment #1)
> probably not affected.

Yes, we are not affected. We have no such unsafe chmod/chown calls in our specfile (neither cron nor cronie).

I'm reassigning it back to the security team. Feel free to close it.
Comment 3 Marcus Meissner 2017-10-26 06:16:31 UTC
Not affected.