Vulnerability Description
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thibault Godouet | Fcron | 2.0.1 |
| Gentoo | Linux | All versions |
References
- http://security.gentoo.org/glsa/glsa-200411-27.xml
- http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flas
- http://www.securityfocus.com/bid/11684PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18078
- http://security.gentoo.org/glsa/glsa-200411-27.xml
- http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flas
- http://www.securityfocus.com/bid/11684PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18078
FAQ
What is CVE-2004-1033?
CVE-2004-1033 is a vulnerability with a CVSS score of 2.1 (LOW). Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environ...
How severe is CVE-2004-1033?
CVE-2004-1033 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1033?
Check the references section above for vendor advisories and patch information. Affected products include: Thibault Godouet Fcron, Gentoo Linux.