PT-2019-5546 · Debian+1 · Vixie Cron+1
Florian Weimer · Published 2019-03-11 · Updated 2022-05-06 · CVE-2019-9706
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Vixie Cron versions prior to 3.0pl1-133
Description
The issue is related to a use-after-free error in the force rescan user function of the Cron daemon, which can cause a denial of service and daemon crash. This can be exploited by local users to disrupt service.
Recommendations
For versions prior to 3.0pl1-133, update to the 3.0pl1-133 Debian package or later to resolve the issue. As a temporary workaround, consider restricting access to the Cron daemon to minimize the risk of exploitation.
Exploit
Fix
DoS
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Ubuntu
Vixie Cron