vulnerability

Ubuntu: (Multiple Advisories) (CVE-2017-9525): Cron vulnerabilities

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Jun 9, 2017
Added
Feb 2, 2022
Modified
Mar 27, 2026

Description

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

Solution

ubuntu-pro-upgrade-cron
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.