CVE-2004-1032

CVSS 2.1 - LOW

Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Tags: local, low complexity, thibault-godouet, gentoo, nessus

Summary

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.

Vulnerable Configurations

Part         Description       Count
Application  Thibault_Godouet  2
OS           Gentoo            1

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200411-27.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200411-27 (Fcron: Multiple vulnerabilities). Due to design errors in the fcronsighup program, Fcron may allow a local user to bypass access restrictions (CAN-2004-1031), view the contents of root owned files (CAN-2004-1030), remove arbitrary files or create empty files (CAN-2004-1032), and send a SIGHUP to any process. A vulnerability also exists in fcrontab which may allow local users to view the contents of fcron.allow and fcron.deny (CAN-2004-1033).
      Impact: A local attacker could exploit these vulnerabilities to perform a Denial of Service on the system running Fcron.
      Workaround: Make sure the fcronsighup and fcrontab binaries are only executable by trusted users.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15768
    published: 2004-11-19
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15768
    title: GLSA-200411-27 : Fcron: Multiple vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_E480CCB26BC811D98DBE000A95BC6FAE.NASL
    description: An iDEFENSE Security Advisory states: Multiple vulnerabilities have been found in Fcron.
      - File contents disclosure
      - Configuration Bypass Vulnerability
      - File Removal and Empty File Creation Vulnerability
      - Information Disclosure Vulnerability
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19148
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19148
    title: FreeBSD : fcron -- multiple vulnerabilities (e480ccb2-6bc8-11d9-8dbe-000a95bc6fae)