Vulnerabilities > CVE-2004-1030
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| OS | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200411-27.NASL description The remote host is affected by the vulnerability described in GLSA-200411-27 (Fcron: Multiple vulnerabilities) Due to design errors in the fcronsighup program, Fcron may allow a local user to bypass access restrictions (CAN-2004-1031), view the contents of root owned files (CAN-2004-1030), remove arbitrary files or create empty files (CAN-2004-1032), and send a SIGHUP to any process. A vulnerability also exists in fcrontab which may allow local users to view the contents of fcron.allow and fcron.deny (CAN-2004-1033). Impact : A local attacker could exploit these vulnerabilities to perform a Denial of Service on the system running Fcron. Workaround : Make sure the fcronsighup and fcrontab binaries are only executable by trusted users. last seen 2020-06-01 modified 2020-06-02 plugin id 15768 published 2004-11-19 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15768 title GLSA-200411-27 : Fcron: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E480CCB26BC811D98DBE000A95BC6FAE.NASL description An iDEFENSE Security Advisory states : Multiple vulnerabilities have been found in Fcron. - File contents disclosure - Configuration Bypass Vulnerability - File Removal and Empty File Creation Vulnerability - Information Disclosure Vulnerability last seen 2020-06-01 modified 2020-06-02 plugin id 19148 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19148 title FreeBSD : fcron -- multiple vulnerabilities (e480ccb2-6bc8-11d9-8dbe-000a95bc6fae)
References
- http://security.gentoo.org/glsa/glsa-200411-27.xml
- http://security.gentoo.org/glsa/glsa-200411-27.xml
- http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
- http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
- http://www.securityfocus.com/bid/11684
- http://www.securityfocus.com/bid/11684
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18075
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18075