Vulnerabilities > CVE-2004-1031 - Local vulnerability in Fcron FCronTab/FCronSighUp

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
thibault-godouet
gentoo
nessus

Summary

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

Vulnerable Configurations

Part Description Count
Application
Thibault_Godouet
2
OS
Gentoo
1

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200411-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200411-27 (Fcron: Multiple vulnerabilities) Due to design errors in the fcronsighup program, Fcron may allow a local user to bypass access restrictions (CAN-2004-1031), view the contents of root owned files (CAN-2004-1030), remove arbitrary files or create empty files (CAN-2004-1032), and send a SIGHUP to any process. A vulnerability also exists in fcrontab which may allow local users to view the contents of fcron.allow and fcron.deny (CAN-2004-1033). Impact : A local attacker could exploit these vulnerabilities to perform a Denial of Service on the system running Fcron. Workaround : Make sure the fcronsighup and fcrontab binaries are only executable by trusted users.
    last seen2020-06-01
    modified2020-06-02
    plugin id15768
    published2004-11-19
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15768
    titleGLSA-200411-27 : Fcron: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E480CCB26BC811D98DBE000A95BC6FAE.NASL
    descriptionAn iDEFENSE Security Advisory states : Multiple vulnerabilities have been found in Fcron. - File contents disclosure - Configuration Bypass Vulnerability - File Removal and Empty File Creation Vulnerability - Information Disclosure Vulnerability
    last seen2020-06-01
    modified2020-06-02
    plugin id19148
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19148
    titleFreeBSD : fcron -- multiple vulnerabilities (e480ccb2-6bc8-11d9-8dbe-000a95bc6fae)