Vulnerabilities > CVE-2004-1031 - Local vulnerability in Fcron FCronTab/FCronSighUp
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| OS | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200411-27.NASL description The remote host is affected by the vulnerability described in GLSA-200411-27 (Fcron: Multiple vulnerabilities) Due to design errors in the fcronsighup program, Fcron may allow a local user to bypass access restrictions (CAN-2004-1031), view the contents of root owned files (CAN-2004-1030), remove arbitrary files or create empty files (CAN-2004-1032), and send a SIGHUP to any process. A vulnerability also exists in fcrontab which may allow local users to view the contents of fcron.allow and fcron.deny (CAN-2004-1033). Impact : A local attacker could exploit these vulnerabilities to perform a Denial of Service on the system running Fcron. Workaround : Make sure the fcronsighup and fcrontab binaries are only executable by trusted users. last seen 2020-06-01 modified 2020-06-02 plugin id 15768 published 2004-11-19 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15768 title GLSA-200411-27 : Fcron: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E480CCB26BC811D98DBE000A95BC6FAE.NASL description An iDEFENSE Security Advisory states : Multiple vulnerabilities have been found in Fcron. - File contents disclosure - Configuration Bypass Vulnerability - File Removal and Empty File Creation Vulnerability - Information Disclosure Vulnerability last seen 2020-06-01 modified 2020-06-02 plugin id 19148 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19148 title FreeBSD : fcron -- multiple vulnerabilities (e480ccb2-6bc8-11d9-8dbe-000a95bc6fae)