PT-2004-2028 · Fcron · Fcron

Published 2004-11-24 · Updated 2017-07-11 · CVE-2004-1033

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Fcron versions 2.0.1 through 2.9.4
Description: The issue allows local users to bypass access restrictions and read sensitive files, such as fcron.allow and fcron.deny, by exploiting the leak of file descriptors of open files via the EDITOR environment variable.
Recommendations: For Fcron versions 2.0.1 through 2.9.4, consider restricting access to the EDITOR environment variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2004-1033

Affected products

Fcron