CVE-2004-1031

2005-03-0105:00:00

mitre

web.nvd.nist.gov

fcron

fcron 2.0.1

fcron 2.9.4

access restrictions bypass

suid process

arbitrary configuration file

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

Affected configurations

Nvd

Node

thibault_godouetfcronMatch2.0.1

thibault_godouetfcronMatch2.9.4

Node

gentoolinux

VendorProductVersionCPE
thibault_godouetfcron2.0.1cpe:2.3:a:thibault_godouet:fcron:2.0.1:*:*:*:*:*:*:*
thibault_godouetfcron2.9.4cpe:2.3:a:thibault_godouet:fcron:2.9.4:*:*:*:*:*:*:*
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
thibault_godouet	fcron	2.0.1	cpe:2.3:a:thibault_godouet:fcron:2.0.1:::::::*
thibault_godouet	fcron	2.9.4	cpe:2.3:a:thibault_godouet:fcron:2.9.4:::::::*
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::