3 matches found
CVE-2019-9704
CVE-2019-9704 affects Vixie Cron in Debian, where the daemon can crash via a large crontab file due to calloc return value not being checked. Affects Debian package 3.0pl1-133 and earlier; remediation is to upgrade to 3.0pl1-133 or later. The connected Broadcom advisory also references CVE-2019-9...
CVE-2019-9705
CVE-2019-9705 affects Vixie Cron prior to Debian 3.0pl1-133, allowing local users to cause memory DoS by submitting an unlimited number of crontab lines. Connected sources confirm the issue is a local denial of service due to memory consumption from large crontabs. The Broadcom advisory re-states...
CVE-2017-9525
CVE-2017-9525 affects the cron package (Debian: 3.0pl1-128; Ubuntu: 3.0pl1-128ubuntu2) where the postinst maintainer script allows group-crontab-to-root privilege escalation through unsafe usage of chown/chmod and symlink attacks. Multiple connected advisories reference Cron regressions and incom...