VMware Tanzu products update for Cron



Published: 2022-08-01
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2017-9525
CVE-2019-9704
CVE-2019-9705
CVE-2019-9706
CWE-ID CWE-264
CWE-252
CWE-770
CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Isolation Segment
Server applications / Other server solutions

VMware Tanzu Application Service for VMs
Server applications / Other server solutions

Vendor VMware, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU7010

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9525

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in Cron due to a flaw in the postinst maintainer script. A local attacker with crontab group privileges can conduct a symlink attack, bypass crontab privilege separation controls and gain root privileges on the target system.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Isolation Segment: 2.7 - 2.12.7

VMware Tanzu Application Service for VMs: 2.7.0 - 2.12.12

External links

http://tanzu.vmware.com/security/usn-5259-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Unchecked Return Value

EUVDB-ID: #VU63055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9704

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the calloc return value is not checked. A local user can create a large crontab file and crash the daemon.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Isolation Segment: 2.7 - 2.12.7

VMware Tanzu Application Service for VMs: 2.7.0 - 2.12.12

External links

http://tanzu.vmware.com/security/usn-5259-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU63054

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9705

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to Vixie Cron implementation allows unlimited number of lines to be inserted into the crontab file. A local user can create a very large crontab file and consume all available memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Isolation Segment: 2.7 - 2.12.7

VMware Tanzu Application Service for VMs: 2.7.0 - 2.12.12

External links

http://tanzu.vmware.com/security/usn-5259-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU63053

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in force_rescan_user() function in Vixie Cron. A local user can write specially crafted data to the crontab file, trigger a use-after-free error and crash the daemon.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Isolation Segment: 2.7 - 2.12.7

VMware Tanzu Application Service for VMs: 2.7.0 - 2.12.12

External links

http://tanzu.vmware.com/security/usn-5259-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###