Description
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
References (3)
Core 3
Core References
Various Sources third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200411-27.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18077
Scores
EPSS
0.0006
EPSS Percentile
18.5%
Details
Status
published
Products (3)
gentoo/linux
thibault_godouet/fcron
2.0.1
thibault_godouet/fcron
2.9.4
Published
Mar 01, 2005
Tracked Since
Feb 18, 2026