{"id":"USN-5259-1","summary":"cron vulnerabilities","details":"It was discovered that the postinst maintainer script in Cron unsafely\nhandled file permissions during package install or update operations.\nAn attacker could possibly use this issue to perform a privilege\nescalation attack. (CVE-2017-9525)\n\nFlorian Weimer discovered that Cron incorrectly handled certain memory\noperations during crontab file creation. An attacker could possibly use\nthis issue to cause a denial of service. (CVE-2019-9704)\n\nIt was discovered that Cron incorrectly handled user input during crontab\nfile creation. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2019-9705)\n\nIt was discovered that Cron contained a use-after-free vulnerability in\nits force_rescan_user function. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2019-9706)\n","modified":"2026-05-20T16:03:12.033878674Z","published":"2022-02-01T14:38:29Z","related":["UBUNTU-CVE-2017-9525","UBUNTU-CVE-2019-9704","UBUNTU-CVE-2019-9705","UBUNTU-CVE-2019-9706"],"upstream":["CVE-2017-9525","CVE-2019-9704","CVE-2019-9705","CVE-2019-9706","UBUNTU-CVE-2017-9525","UBUNTU-CVE-2019-9704","UBUNTU-CVE-2019-9705","UBUNTU-CVE-2019-9706"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5259-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9525"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9704"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9705"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9706"}],"affected":[{"package":{"name":"cron","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/cron?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0pl1-128ubuntu2+esm1"}]}],"versions":["3.0pl1-127ubuntu1","3.0pl1-128ubuntu1","3.0pl1-128ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"cron","binary_version":"3.0pl1-128ubuntu2+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5259-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.5"}