CVE-2019-9706

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-9706
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 Exploit Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html Mailing List Third Party Advisory
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html Mailing List Patch Vendor Advisory
https://salsa.debian.org/debian/cron/commit/40791b93 Patch Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 Exploit Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html Mailing List Third Party Advisory
https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html Mailing List Patch Vendor Advisory
https://salsa.debian.org/debian/cron/commit/40791b93 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:cron:3.0:-:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-100:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-101:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-102:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-103:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-104:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-105:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-106:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-107:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-108:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-109:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-110:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-111:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-112:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-113:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-114:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-115:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-116:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-117:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-118:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-119:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-120:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-121:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-122:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-123:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-124:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-124.1:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-124.2:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-125:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-126:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-127:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-128:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-130:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-131:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-132:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-37:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-38:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-39:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-40:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-41:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-42:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-43:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-44:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-45:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-46:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-47:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-48:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-49:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-50:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-50.1:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-50.2:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-51:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-53:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-54:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-55:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-56:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-57:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-57.2:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-57.3:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-58:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-59:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-60:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-61:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-62:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-63:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-64:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-65:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-66:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-67:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-68:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-69:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-70:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-71:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-72:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-73:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-74:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-75:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-76:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-77:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-78:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-79:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-80:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-81:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-82:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-83:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-84:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-85:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-86:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-87:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-88:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-89:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-90:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-91:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-92:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-93:*:*:*:*:*:*
cpe:2.3:a:debian:cron:3.0:pl1-94:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
History

21 Nov 2024, 04:52

Type Values Removed Values Added
References () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 - Exploit, Mailing List, Vendor Advisory () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 - Exploit, Mailing List, Vendor Advisory
References () https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html - Mailing List, Third Party Advisory
References () https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html - Mailing List, Patch, Vendor Advisory () https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html - Mailing List, Patch, Vendor Advisory
References () https://salsa.debian.org/debian/cron/commit/40791b93 - Patch, Third Party Advisory () https://salsa.debian.org/debian/cron/commit/40791b93 - Patch, Third Party Advisory
Information

Published : 2019-03-12 01:29

Updated : 2024-11-21 04:52

NVD link : CVE-2019-9706

Mitre link : CVE-2019-9706

CVE.ORG link : CVE-2019-9706

JSON object : View

Products Affected

debian

  • cron
  • debian_linux
CWE
CWE-416

Use After Free