Vulnerability Description
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thibault Godouet | Fcron | 2.0.1 |
| Gentoo | Linux | All versions |
References
- http://security.gentoo.org/glsa/glsa-200411-27.xml
- http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flas
- http://www.securityfocus.com/bid/11684PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18076
- http://security.gentoo.org/glsa/glsa-200411-27.xml
- http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flas
- http://www.securityfocus.com/bid/11684PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18076
FAQ
What is CVE-2004-1031?
CVE-2004-1031 is a vulnerability with a CVSS score of 7.2 (HIGH). fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the ...
How severe is CVE-2004-1031?
CVE-2004-1031 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1031?
Check the references section above for vendor advisories and patch information. Affected products include: Thibault Godouet Fcron, Gentoo Linux.