Your message dated Sun, 11 Mar 2018 23:04:21 +0000
with message-id <e1eva0r-000fix...@fasolo.debian.org>
and subject line Bug#864466: fixed in cron 3.0pl1-129
has caused the Debian Bug report #864466,
regarding cron: CVE-2017-9525: group crontab to root escalation via postinst
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cron
Version: 3.0pl1-127
Severity: important
Tags: security

Hi

A group crontab to root escalation via the postinst in Debian and Ubuntu
has been reported, as stated in the oss-security post:

http://www.openwall.com/lists/oss-security/2017/06/08/3

Our postinst contains:

| # Fixup crontab , directory and files for new group 'crontab'.
| # Can't use dpkg-statoverride for this because it doesn't cooperate nicely
| # with cron alternatives such as bcron
| if [ -d $crondir/crontabs ] ; then
|     chown root:crontab $crondir/crontabs
|     chmod 1730 $crondir/crontabs
|     # This used to be done conditionally. For versions prior to "3.0pl1-81"
|     # It has been disabled to suit cron alternative such as bcron.
|     cd $crondir/crontabs
|     set +e
|     ls -1 | xargs -r -n 1 --replace=xxx  chown 'xxx:crontab' 'xxx'
|     ls -1 | xargs -r -n 1 chmod 600
|     set -e
| fi

which can be used for group-crontab-to-root escalation of privileges
as described by the Qualys team in the above reference.

(Note that for the first issue, we already have the kernel hardening
in place since Debian Wheezy.)

Regards,
Salvatore

--- End Message ---
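The quoted postinst retargets every entry in the spool directory to `<filename>:crontab` purely on the strength of its name, so a file created by any group-crontab member and named after a privileged account is handed to that account. The following is an added example of a conservative fixup, not the Debian cron postinst and not the fix shipped in 3.0pl1-129; the function names `plan_crontab_fixups` and `apply_crontab_fixups` are hypothetical, and the spool directory is passed in as an argument.

```shell
#!/bin/sh
# Added example (not Debian's cron postinst): a conservative ownership
# fixup for a crontab spool directory. A file is only retargeted to
# "<name>:crontab" when all of the following hold:
#   - it is a regular file and not a symlink (chown would follow the link)
#   - its name is an existing account (checked with getent)
#   - it is currently owned by root (the pre-migration owner) or by the
#     named user, so a file dropped in by a different group member is
#     never handed to another uid
# plan_crontab_fixups DIR prints one "name path" line per file to change
# and touches nothing; apply_crontab_fixups DIR performs the change and
# needs root.
plan_crontab_fixups() {
    dir=$1
    [ -d "$dir" ] || return 0
    for path in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip it.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        # Skip symlinks and anything that is not a regular file.
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        # Skip names that do not correspond to a real account.
        getent passwd "$name" >/dev/null 2>&1 || continue
        # Skip files owned by a third party: only root (old layout) or the
        # named user may own a crontab that gets retargeted to that user.
        if [ -n "$(find "$path" -maxdepth 0 -type f \
                   \( -user root -o -user "$name" \) 2>/dev/null)" ]; then
            printf '%s %s\n' "$name" "$path"
        fi
    done
}

apply_crontab_fixups() {
    plan_crontab_fixups "$1" | while read -r name path; do
        chown "$name:crontab" "$path"
        chmod 600 "$path"
    done
}
```

Run `plan_crontab_fixups /var/spool/cron/crontabs` as root to see what would be changed before calling `apply_crontab_fixups`.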
--- Begin Message ---
Source: cron
Source-Version: 3.0pl1-129

We believe that the bug you reported is fixed in the latest version of
cron, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernández-Sanguino Peña <j...@debian.org> (supplier of updated cron package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 11 Mar 2018 22:38:06 +0100
Source: cron
Binary: cron
Architecture: source i386
Version: 3.0pl1-129
Distribution: unstable
Urgency: medium
Maintainer: Javier Fernández-Sanguino Peña <j...@debian.org>
Changed-By: Javier Fernández-Sanguino Peña <j...@debian.org>
Description:
 cron       - process scheduling daemon
Closes: 767016 783665 801384 819832 864466
Changes:
 cron (3.0pl1-129) unstable; urgency=medium
 .
   * Acknowledge NMU
   * debian/cron.init, debian/cron.service: Make sure cron is started last and
     stopped first, with patch provided by Harald Dunke
     (Closes: #767016, #801384, #783665) (LP: #1593317)
   * crontab.1: Document limitation due to account renaming as described in
     Ubuntu's bug 73398
   * crontab.5: Document the need to set the DISPLAY environment when running
     scheduled tasks that interact with the user's desktop environment
     (LP: #891869)
   * cron.8: Fix typo (Closes: 819832)
   * debian/control: Replace dh-systemd dependency with debhelper (lintian fix)
   * debian/README.Debian: Update maintainer address
 .
   [ Christian Kastner ]
   * debian/postinst: Fix for CVE-2017-9525: group crontab to root escalation
     via postinst as described by Alexander Peslyak (Solar Designer) in
     http://www.openwall.com/lists/oss-security/2017/06/08/3
     (Closes: 864466)


--- End Message ---
