CVE-2019-9706 - Use After Free

Severity: 55%

Complexity: 18%

Confidentiality: 60%

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.
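
Added example, not part of the original page or of the cron source: the free-then-log pattern described above next to a hardened form that releases the buffer only after its last use. The names commit_vulnerable, commit_hardened and SIZE, the sample data, and the extra output-buffer parameters on logError are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SIZE 64  /* assumed buffer size */
/* Stand-in for the page's logError(); it writes into a caller buffer
 * (an assumption of this example) so the outcome can be checked. */
static void logError(char *out, size_t n, const char *msg, const char *ptr)
{
    snprintf(out, n, "%s: %s", msg, ptr);
}

#ifdef SHOW_VULNERABLE
/* Pattern described above: the error path frees ptr, logError reads it later.
 * Build with -DSHOW_VULNERABLE -fsanitize=address and call it with err=1
 * to get a heap-use-after-free report instead of silent corruption. */
int commit_vulnerable(int err, char *out, size_t n)
{
    char *ptr = malloc(SIZE);
    if (ptr == NULL) return -1;
    snprintf(ptr, SIZE, "record 7");      /* constructed sample data */
    if (err) {
        free(ptr);                        /* released on the error path */
        logError(out, n, "operation aborted before commit", ptr); /* stale read */
        return 1;
    }
    free(ptr);
    return 0;
}
#endif

/* Hardened: the buffer has exactly one release point, after its last use. */
int commit_hardened(int err, char *out, size_t n)
{
    char *ptr = malloc(SIZE);
    if (ptr == NULL) return -1;
    snprintf(ptr, SIZE, "record 7");      /* constructed sample data */
    out[0] = '\0';                        /* no message unless an error occurs */
    if (err)
        logError(out, n, "operation aborted before commit", ptr);
    free(ptr);                            /* nothing touches ptr after this */
    return err ? 1 : 0;
}

int main(void)
{
    char msg_buf[128];
    int rc = commit_hardened(1, msg_buf, sizeof msg_buf);
    printf("rc=%d log=\"%s\"\n", rc, msg_buf);
}
```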

Overview

Type: Debian

First reported: 2019-03-12 01:29:00 (6 years ago)

Last updated: 2019-12-18 18:58:00 (5 years ago)

Affected Software

Debian Cron 3.0

3.0

Debian Cron 3.0 pl1

3.0

Debian Cron 3.0 pl1-100

3.0

Debian Cron 3.0 pl1-101

3.0

Debian Cron 3.0 pl1-102

3.0

Debian Cron 3.0 pl1-103

3.0

Debian Cron 3.0 pl1-104

3.0

Debian Cron 3.0 pl1-105

3.0

Debian Cron 3.0 pl1-106

3.0

Debian Cron 3.0 pl1-107

3.0

Debian Cron 3.0 pl1-108

3.0

Debian Cron 3.0 pl1-109

3.0

Debian Cron 3.0 pl1-110

3.0

Debian Cron 3.0 pl1-111

3.0

Debian Cron 3.0 pl1-112

3.0

Debian Cron 3.0 pl1-113

3.0

Debian Cron 3.0 pl1-114

3.0

Debian Cron 3.0 pl1-115

3.0

Debian Cron 3.0 pl1-116

3.0

Debian Cron 3.0 pl1-117

3.0

Debian Cron 3.0 pl1-118

3.0

Debian Cron 3.0 pl1-119

3.0

Debian Cron 3.0 pl1-120

3.0

Debian Cron 3.0 pl1-121

3.0

Debian Cron 3.0 pl1-122

3.0

Debian Cron 3.0 pl1-123

3.0

Debian Cron 3.0 pl1-124

3.0

Debian Cron 3.0 pl1-124.1

3.0

Debian Cron 3.0 pl1-124.2

3.0

Debian Cron 3.0 pl1-125

3.0

Debian Cron 3.0 pl1-126

3.0

Debian Cron 3.0 pl1-127

3.0

Debian Cron 3.0 pl1-128

3.0

Debian Cron 3.0 pl1-130

3.0

Debian Cron 3.0 pl1-131

3.0

Debian Cron 3.0 pl1-132

3.0

Debian Cron 3.0 pl1-37

3.0

Debian Cron 3.0 pl1-38

3.0

Debian Cron 3.0 pl1-39

3.0

Debian Cron 3.0 pl1-40

3.0

Debian Cron 3.0 pl1-41

3.0

Debian Cron 3.0 pl1-42

3.0

Debian Cron 3.0 pl1-43

3.0

Debian Cron 3.0 pl1-44

3.0

Debian Cron 3.0 pl1-45

3.0

Debian Cron 3.0 pl1-46

3.0

Debian Cron 3.0 pl1-47

3.0

Debian Cron 3.0 pl1-48

3.0

Debian Cron 3.0 pl1-49

3.0

Debian Cron 3.0 pl1-50

3.0

Debian Cron 3.0 pl1-50.1

3.0

Debian Cron 3.0 pl1-50.2

3.0

Debian Cron 3.0 pl1-51

3.0

Debian Cron 3.0 pl1-53

3.0

Debian Cron 3.0 pl1-54

3.0

Debian Cron 3.0 pl1-55

3.0

Debian Cron 3.0 pl1-56

3.0

Debian Cron 3.0 pl1-57

3.0

Debian Cron 3.0 pl1-57.2

3.0

Debian Cron 3.0 pl1-57.3

3.0

Debian Cron 3.0 pl1-58

3.0

Debian Cron 3.0 pl1-59

3.0

Debian Cron 3.0 pl1-60

3.0

Debian Cron 3.0 pl1-61

3.0

Debian Cron 3.0 pl1-62

3.0

Debian Cron 3.0 pl1-63

3.0

Debian Cron 3.0 pl1-64

3.0

Debian Cron 3.0 pl1-65

3.0

Debian Cron 3.0 pl1-66

3.0

Debian Cron 3.0 pl1-67

3.0

Debian Cron 3.0 pl1-68

3.0

Debian Cron 3.0 pl1-69

3.0

Debian Cron 3.0 pl1-70

3.0

Debian Cron 3.0 pl1-71

3.0

Debian Cron 3.0 pl1-72

3.0

Debian Cron 3.0 pl1-73

3.0

Debian Cron 3.0 pl1-74

3.0

Debian Cron 3.0 pl1-75

3.0

Debian Cron 3.0 pl1-76

3.0

Debian Cron 3.0 pl1-77

3.0

Debian Cron 3.0 pl1-78

3.0

Debian Cron 3.0 pl1-79

3.0

Debian Cron 3.0 pl1-80

3.0

Debian Cron 3.0 pl1-81

3.0

Debian Cron 3.0 pl1-82

3.0

Debian Cron 3.0 pl1-83

3.0

Debian Cron 3.0 pl1-84

3.0

Debian Cron 3.0 pl1-85

3.0

Debian Cron 3.0 pl1-86

3.0

Debian Cron 3.0 pl1-87

3.0

Debian Cron 3.0 pl1-88

3.0

Debian Cron 3.0 pl1-89

3.0

Debian Cron 3.0 pl1-90

3.0

Debian Cron 3.0 pl1-91

3.0

Debian Cron 3.0 pl1-92

3.0

Debian Cron 3.0 pl1-93

3.0

Debian Cron 3.0 pl1-94

3.0

Debian Linux 8.0 (Jessie)

8.0
