In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
CPE | Name | Operator | Version |
---|---|---|---|
cron | eq | <= 3.0pl1-128 | |
debian_linux | eq | 8.0 | |
debian_linux | eq | 9.0 |