18 matches found
EUVD-2010-0818
Malware in sbrugna...
EUVD-2004-1030
Malware in sbrugna...
EUVD-2004-1029
Malware in sbrugna...
EUVD-2004-1028
Malware in sbrugna...
CVE-2006-0539
The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."...
CVE-2004-1033
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...
CVE-2004-1032
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash / characters such that fcronsighup does not properly append the intended fcrontab.sig to the...
CVE-2004-1030
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...
CVE-2004-1033
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...
CVE-2004-1030
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...
CVE-2004-1031
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user,...
CVE-2004-1030
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...
CVE-2004-1032
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash / characters such that fcronsighup does not properly append the intended fcrontab.sig to the...
CVE-2001-0685
Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file...
CVE-2001-0685
Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file...
Thibault Godouet FCron 1 - Symbolic Link
source: https://www.securityfocus.com/bid/2835/info FCron is an implementation of the popular UNIX 'cron' utility that runs user-specified programs at periodic scheduled times. fcron is vulnerable to symbolic link attacks. It is possible for an attacker to anticipate the expected name of an fcron...
Thibault Godouet FCron 1 - Symbolic Link
Thibault Godouet FCron 1 - Symbolic Link source: https://www.securityfocus.com/bid/2835/info FCron is an implementation of the popular UNIX 'cron' utility that runs user-specified programs at periodic scheduled times. fcron is vulnerable to symbolic link attacks. It is possible for an attacker to...
fcron 0.9.5 is vulnerable to a symlink attack
What we need: we need that root updates our crontab file fcrontab -u kiss -e What we get: we get written /etc/shadow in our crontab file or any other file we want This is just a proof of concept. What we have to do is run the exploit above from a normal user shell. Then, in a root console, we...