CVE-2004-1031
Fcron 2.0.1 and 2.9.4 - Unauthenticated Configuration File Overwrite via /proc Entry
Title source: llmDescription
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
References (4)
Core 4
Core References
Various Sources third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11684
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200411-27.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18076
Scores
EPSS
0.0005
EPSS Percentile
14.6%
Details
Status
published
Products (3)
gentoo/linux
thibault_godouet/fcron
2.0.1
thibault_godouet/fcron
2.9.4
Published
Mar 01, 2005
Tracked Since
Feb 18, 2026