CVE-2004-1031

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/11684	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200411-27.xml
http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
https://exchange.xforce.ibmcloud.com/vulnerabilities/18076

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:thibault_godouet:fcron:2.9.4:::::::*
	cpe:2.3:a:thibault_godouet:fcron:2.0.1:::::::*

Configuration 2 (hide)

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Information

Published : 2005-02-28 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1031

Mitre link : CVE-2004-1031

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

thibault_godouet

fcron

gentoo

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11684", "name": "11684", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://security.gentoo.org/glsa/glsa-200411-27.xml", "name": "GLSA-200411-27", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false", "name": "20041115 Multiple Security Vulnerabilities in Fcron", "tags": [], "refsource": "IDEFENSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076", "name": "fcron-fcronsighup-restrictions-bypass(18076)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1031", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-03-01T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:thibault_godouet:fcron:2.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:thibault_godouet:fcron:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}