Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
References
Configurations
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://security.gentoo.org/glsa/glsa-200411-27.xml - | |
References | () http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false - | |
References | () http://www.securityfocus.com/bid/11684 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18078 - |
Information
Published : 2005-03-01 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-1033
Mitre link : CVE-2004-1033
CVE.ORG link : CVE-2004-1033
JSON object : View
Products Affected
gentoo
- linux
thibault_godouet
- fcron
CWE