Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1031

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-1031
Last Modified 05 Sep 2008 04:40:09
Published 01 Mar 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1031

Summary

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

Vulnerable Systems

Operating System

  • Gentoo Linux

Application

  • Thibault Godouet Fcron 2.0.1

  • Thibault Godouet Fcron 2.9.4


References

BID - 11684

XF - fcron-fcronsighup-restrictions-bypass(18076)

IDEFENSE - 20041115 Multiple Security Vulnerabilities in Fcron

GENTOO - GLSA-200411-27


Last Updated: 27 May 2016 10:38:52