CVE-2004-1033
fcron 2.0.1 and 2.9.4 - Unauthenticated File Descriptor Leak via EDITOR Environment Variable
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
References (4)
Core References
Various Sources [third-party-advisory, x_refsource_idefense]: http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
Patch, Vendor Advisory [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/11684
Third Party Advisory [vendor-advisory, x_refsource_gentoo]: http://security.gentoo.org/glsa/glsa-200411-27.xml
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/18078
Scores
EPSS: 0.0007
EPSS Percentile: 21.7%
Details
Status: published
Products (3)
gentoo/linux
thibault_godouet/fcron 2.0.1
thibault_godouet/fcron 2.9.4
Published: Mar 01, 2005
Tracked Since: Feb 18, 2026