fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
References
Configurations
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://security.gentoo.org/glsa/glsa-200411-27.xml - | |
References | () http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false - | |
References | () http://www.securityfocus.com/bid/11684 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18076 - |
Information
Published : 2005-03-01 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-1031
Mitre link : CVE-2004-1031
CVE.ORG link : CVE-2004-1031
JSON object : View
Products Affected
gentoo
- linux
thibault_godouet
- fcron
CWE