70 matches found
Fcron 3.0 - Convert-FCronTab Local Buffer Overflow
Fcron 3.0 - Convert-FCronTab Local Buffer Overflow source: https://www.securityfocus.com/bid/16467/info Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently...
[Full-disclosure] Fcrontab - memory corruption on heap.
Name: Fcron - convert-fcrontab Vendor URL: http://fcron.free.fr Author: Adam Zabrocki [email protected] Date: November 25, 2005 Issue: Fcron convert-fcrontab allow users to corruption on heap section. Description: Fcron is a periodical command scheduler which aims at replacing Vixie Cron, and...
Fcron 3.0 - Convert-FCronTab Local Buffer Overflow
source: https://www.securityfocus.com/bid/16467/info Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows local...
FreeBSD : fcron -- multiple vulnerabilities (e480ccb2-6bc8-11d9-8dbe-000a95bc6fae)
An iDEFENSE Security Advisory states : Multiple vulnerabilities have been found in Fcron. - File contents disclosure - Configuration Bypass Vulnerability - File Removal and Empty File Creation Vulnerability - Information Disclosure Vulnerability %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2004-1030
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...
CVE-2004-1032
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash / characters such that fcronsighup does not properly append the intended fcrontab.sig to the...
CVE-2004-1033
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...
CVE-2004-1032
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash / characters such that fcronsighup does not properly append the intended fcrontab.sig to the...
CVE-2004-1031
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user,...
CVE-2004-1033
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...
CVE-2004-1030
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...
CVE-2004-1031
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user,...
CVE-2004-1033
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable...
CVE-2004-1032
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash / characters such that fcronsighup does not properly append the intended fcrontab.sig to the...
CVE-2004-1030
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message...
CVE-2004-1031
CVE-2004-1031 affects Fcron (notably 2.0.1 and 2.9.4) and potentially earlier versions. The issue allows a local user to bypass access restrictions and load an arbitrary fcron configuration file by starting a setuid process and pointing the fcronsighup configuration file at a /proc entry owned by...
CVE-2004-1033
CVE-2004-1033 concerns Fcron versions 2.0.1, 2.9.4 (and possibly earlier) leaking file descriptors for open files, enabling a local user to bypass access restrictions and read the files fcron.allow and fcron.deny via the EDITOR environment variable. The available connected documents confirm the a...
CVE-2004-1031
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user,...
CVE-2004-1030
CVE-2004-1030 : In Fcron, the fcronsighup utility (versions including 2.0.1 and 2.9.4; possibly earlier) can be used by a local user to disclose sensitive information by invoking fcronsighup with an arbitrary file, causing contents of that file to be revealed in error messages. This is an informa...
CVE-2004-1032
CVE-2004-1032 affects Fcron (notably versions 2.0.1, 2.9.4, and possibly earlier). The issue lies in fcronsighup: when a target filename has a large number of leading slashes, Fcron does not correctly append fcrontab.sig, allowing a local user to delete arbitrary files or create arbitrary empty f...