Lucene search

[email protected]CVE-2004-1031

HistoryMar 01, 2005 - 5:00 a.m.

CVE-2004-1031

2005-03-0105:00:00

[email protected]

web.nvd.nist.gov

fcron

fcron 2.0.1

fcron 2.9.4

access restrictions bypass

suid process

arbitrary configuration file

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

Affected configurations

NVD

Node

thibault_godouetfcronMatch2.0.1

thibault_godouetfcronMatch2.9.4

Node

gentoolinux

CPENameOperatorVersion
thibault_godouet:fcronthibault godouet fcroneq2.0.1
thibault_godouet:fcronthibault godouet fcroneq2.9.4

CPE	Name	Operator	Version
thibault_godouet:fcron	thibault godouet fcron	eq	2.0.1
thibault_godouet:fcron	thibault godouet fcron	eq	2.9.4

References

security.gentoo.org/glsa/glsa-200411-27.xml

www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false

www.securityfocus.com/bid/11684

exchange.xforce.ibmcloud.com/vulnerabilities/18076

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-1031

nvd1 cvelist1 ubuntucve1 nessus2 openvas4 freebsd1 gentoo1