CVE-2004-1033

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/11684	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200411-27.xml
http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
https://exchange.xforce.ibmcloud.com/vulnerabilities/18078

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:thibault_godouet:fcron:2.9.4:::::::*
	cpe:2.3:a:thibault_godouet:fcron:2.0.1:::::::*

Configuration 2 (hide)

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Information

Published : 2005-02-28 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1033

Mitre link : CVE-2004-1033

JSON object : View

CWE

NVD-CWE-Other

Products Affected

thibault_godouet

fcron

gentoo

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11684", "name": "11684", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://security.gentoo.org/glsa/glsa-200411-27.xml", "name": "GLSA-200411-27", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false", "name": "20041115 Multiple Security Vulnerabilities in Fcron", "tags": [], "refsource": "IDEFENSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18078", "name": "fcron-fcrontab-obtain-info(18078)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1033", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-03-01T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:thibault_godouet:fcron:2.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:thibault_godouet:fcron:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}

2.1 /10