Lucene search

[email protected]CVE-2004-1032

HistoryMar 01, 2005 - 5:00 a.m.

CVE-2004-1032

2005-03-0105:00:00

[email protected]

web.nvd.nist.gov

fcron

vulnerability

local users

file deletion

file creation

security issue

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.

Affected configurations

NVD

Node

thibault_godouetfcronMatch2.0.1

thibault_godouetfcronMatch2.9.4

Node

gentoolinux

CPENameOperatorVersion
thibault_godouet:fcronthibault godouet fcroneq2.0.1
thibault_godouet:fcronthibault godouet fcroneq2.9.4

CPE	Name	Operator	Version
thibault_godouet:fcron	thibault godouet fcron	eq	2.0.1
thibault_godouet:fcron	thibault godouet fcron	eq	2.9.4

References

security.gentoo.org/glsa/glsa-200411-27.xml

www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false

exchange.xforce.ibmcloud.com/vulnerabilities/18077

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-1032

cvelist1 ubuntucve1 nvd1 nessus2 openvas4 freebsd1 gentoo1