PT-2019-6260 · Debian+2 · Vixie Cron+2

Christian Kastner

Published

2019-03-10

Updated

2022-05-06

CVE-2019-9705

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Vixie Cron versions prior to 3.0pl1-133

Description The issue is related to a memory allocation problem in the cron daemon, allowing an attacker to cause a denial of service by consuming excessive memory. This can be achieved by creating a large crontab file, as the system accepts an unlimited number of lines.

Recommendations For Vixie Cron versions prior to 3.0pl1-133, update to the 3.0pl1-133 Debian package or later to resolve the issue. As a temporary workaround, consider restricting access to the crontab file to prevent malicious modifications.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2022-06041

CVE-2019-9705

DLA-1723-1

DLA-2801-1

MGASA-2019-0157

OPENSUSE-SU-2019:1520-1

OPENSUSE-SU-2019_1520-1

SUSE-SU-2019:1389-1

SUSE-SU-2019:1389-2

SUSE-SU-2019:1990-1

USN-5259-1

USN-5259-2

Affected Products

Suse

Ubuntu

Vixie Cron

PT-2019-6260 · Debian+2 · Vixie Cron+2

CVE-2019-9705

Weakness Enumeration

Related Identifiers

Affected Products

References · 42