CVE-2004-1031

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:thibault_godouet:fcron:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:thibault_godouet:fcron:2.9.4:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://security.gentoo.org/glsa/glsa-200411-27.xml - () http://security.gentoo.org/glsa/glsa-200411-27.xml -
References () http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false - () http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false -
References () http://www.securityfocus.com/bid/11684 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/11684 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/18076 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/18076 -

Information

Published : 2005-03-01 05:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-1031

Mitre link : CVE-2004-1031

CVE.ORG link : CVE-2004-1031


JSON object : View

Products Affected

gentoo

  • linux

thibault_godouet

  • fcron