CVE-2004-1031 - Vulnerability Details - OpenCVE

ReportizFlow

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gentoo	Linux
Thibault Godouet	Fcron

Configuration 1 [-]

OR	cpe:2.3:a:thibault_godouet:fcron:2.0.1:::::::*
	cpe:2.3:a:thibault_godouet:fcron:2.9.4:::::::*

Configuration 2 [-]

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://security.gentoo.org/glsa/glsa-200411-27.xml
http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
http://www.securityfocus.com/bid/11684
https://exchange.xforce.ibmcloud.com/vulnerabilities/18076

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-11-24T05:00:00

Updated: 2024-08-08T00:39:00.423Z

Reserved: 2004-11-12T00:00:00

Link: CVE-2004-1031

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-03-01T05:00:00.000

Modified: 2024-11-20T23:49:56.860

Link: CVE-2004-1031

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20041115 Multiple Security Vulnerabilities in Fcron", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false"}, {"name": "11684", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11684"}, {"name": "GLSA-200411-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml"}, {"name": "fcron-fcronsighup-restrictions-bypass(18076)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2004-1031", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20041115 Multiple Security Vulnerabilities in Fcron", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false"}, {"name": "11684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11684"}, {"name": "GLSA-200411-27", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml"}, {"name": "fcron-fcronsighup-restrictions-bypass(18076)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:39:00.423Z"}, "title": "CVE Program Container", "references": [{"name": "20041115 Multiple Security Vulnerabilities in Fcron", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false"}, {"name": "11684", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11684"}, {"name": "GLSA-200411-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml"}, {"name": "fcron-fcronsighup-restrictions-bypass(18076)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1031", "datePublished": "2004-11-24T05:00:00", "dateReserved": "2004-11-12T00:00:00", "dateUpdated": "2024-08-08T00:39:00.423Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thibault_godouet:fcron:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CC6BD83-D454-4FD8-904D-0A7C083F7AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:thibault_godouet:fcron:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "2688EE86-C1A6-466B-B52E-11CFAE118335", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ."}], "id": "CVE-2004-1031", "lastModified": "2024-11-20T23:49:56.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-03-01T05:00:00.000", "references": [{"source": "[email protected]", "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml"}, {"source": "[email protected]", "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false"}, {"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11684"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200411-27.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18076"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}