Vixie Cron CVE-2019-9705 Denial of Service Vulnerability

Vixie Cron is prone to a denial-of-service vulnerability.
Exploiting this issue allows local attackers to trigger a denial-of-service condition due to excessive memory consumption.
Vixie Cron prior to 3.0pl1-133 are vulnerable.

Information

Bugtraq ID: 107378
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2019-9705

Remote: No
Local: Yes
Published: Mar 13 2019 12:00AM
Updated: Mar 13 2019 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Paul Vixie Vixie Cron 3.0pl1-132
Paul Vixie Vixie Cron 3.0pl1-131
Paul Vixie Vixie Cron 3.0pl1-130
Paul Vixie Vixie Cron 3.0pl1-128
Paul Vixie Vixie Cron 3.0pl1-127
Paul Vixie Vixie Cron 3.0pl1-126
Paul Vixie Vixie Cron 3.0pl1-125
Paul Vixie Vixie Cron 3.0pl1-124

Not Vulnerable: Paul Vixie Vixie Cron 3.0pl1-133

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Vixie Cron Home Page (Paul Vixie)
Bug 1687694 (CVE-2019-9705) - CVE-2019-9705 vixie-cron: dos(memory consumption) (Red Hat Bugzilla)
Enforce maximum crontab line count of 1000 ()
CVE-2019-9705 (Red Hat)

Source: www.securityfocus.com

Exploit Collector

Search Exploit