Test ID: | 1.3.6.1.4.1.25623.1.0.891723 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for cron (DLA-1723-1) |
Summary: | Various security problems have been discovered in Debian's CRON scheduler. CVE-2017-9525: Fix group crontab to root escalation via the Debian package's postinst script as described by Alexander Peslyak (Solar Designer) in the linked references. CVE-2019-9704: DoS: Fix unchecked return of calloc(). Florian Weimer discovered that a missing check for the return value of calloc() could crash the daemon, which could be triggered by a very large crontab created by a user. CVE-2019-9705: Enforce maximum crontab line count of 1000 to prevent a malicious user from creating an excessively large crontab. The daemon will log a warning for existing files, and crontab(1) will refuse to create new ones. CVE-2019-9706: A user reported a use-after-free condition in the cron daemon, leading to a possible Denial-of-Service scenario by crashing the daemon. |
Description: | Summary: Various security problems have been discovered in Debian's CRON scheduler.
CVE-2017-9525: Fix group crontab to root escalation via the Debian package's postinst script as described by Alexander Peslyak (Solar Designer) in the linked references.
CVE-2019-9704: DoS: Fix unchecked return of calloc(). Florian Weimer discovered that a missing check for the return value of calloc() could crash the daemon, which could be triggered by a very large crontab created by a user.
CVE-2019-9705: Enforce maximum crontab line count of 1000 to prevent a malicious user from creating an excessively large crontab. The daemon will log a warning for existing files, and crontab(1) will refuse to create new ones.
CVE-2019-9706: A user reported a use-after-free condition in the cron daemon, leading to a possible Denial-of-Service scenario by crashing the daemon.
Affected Software/OS: cron on Debian Linux
Solution: For Debian 8 'Jessie', these problems have been fixed in version 3.0pl1-127+deb8u2. We recommend that you upgrade your cron packages.
CVSS Score: 6.9
CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-9525
http://bugs.debian.org/864466
http://www.openwall.com/lists/oss-security/2017/06/08/3
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html
http://www.securitytracker.com/id/1038651
Common Vulnerability Exposure (CVE) ID: CVE-2019-9704
BugTraq ID: 107373
http://www.securityfocus.com/bid/107373
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/
https://salsa.debian.org/debian/cron/commit/f2525567
Common Vulnerability Exposure (CVE) ID: CVE-2019-9705
BugTraq ID: 107378
http://www.securityfocus.com/bid/107378
https://salsa.debian.org/debian/cron/commit/26814a26
Common Vulnerability Exposure (CVE) ID: CVE-2019-9706
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html
https://salsa.debian.org/debian/cron/commit/40791b93 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |