Vulnerability Name: | CVE-2004-1031 (CCN-18076) | ||||||||
Assigned: | 2004-11-15 | ||||||||
Published: | 2004-11-15 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-1031 Source: CCN Type: Fcron Web site Welcome to Fcron's home page ! Source: GENTOO Type: UNKNOWN GLSA-200411-27 Source: CCN Type: GLSA-200411-27 Fcron: Multiple vulnerabilities Source: IDEFENSE Type: UNKNOWN 20041115 Multiple Security Vulnerabilities in Fcron Source: CCN Type: iDEFENSE Security Advisory 11.15.04 Multiple Security Vulnerabilities in Fcron Source: CCN Type: OSVDB ID: 11835 Fcron fcronsighup Configuration Restriction Bypass Source: BID Type: Patch, Vendor Advisory 11684 Source: CCN Type: BID-11684 Fcron FCronTab/FCronSighUp Multiple Local Vulnerabilities Source: XF Type: UNKNOWN fcron-fcronsighup-restrictions-bypass(18076) Source: XF Type: UNKNOWN fcron-fcronsighup-restrictions-bypass(18076) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: ![]() | ||||||||
BACK |