5 results (0.006 seconds)

CVSS: 1.9EPSS: 0%CPEs: 34EXPL: 0

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. fcrontab en fcron anteriores a v3.0.5 permite a usuarios locales leer ficheros arbitrarios a traves de un ataque de enlace simbolico en un fichero sin especificar. • http://fcron.free.fr http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038150.html http://seclists.org/fulldisclosure/2010/Mar/97 http://secunia.com/advisories/38796 http://secunia.com/advisories/39195 http://securitytracker.com/id?1023677 http://www.osvdb.org/62718 http://www.securityfocus.com/archive/1/509873/100/0/threaded http://www.securityfocus.com/bid/38531 http://www.vupen.com/english/advisories/2010/0730 https://exchange.xforce.ibmcloud.com/vulner • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/11684 https://exchange.xforce.ibmcloud.com/vulnerabilities/18076 •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false https://exchange.xforce.ibmcloud.com/vulnerabilities/18077 •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/11684 https://exchange.xforce.ibmcloud.com/vulnerabilities/18075 •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/11684 https://exchange.xforce.ibmcloud.com/vulnerabilities/18078 •