CVE-2004-1032

Name of the Vulnerable Software and Affected Versions: Fcron versions 2.0.1, 2.9.4, and possibly earlier versions

Description: The issue allows local users to delete arbitrary files or create arbitrary empty files. This is achieved by providing a target filename with a large number of leading slash (/) characters, which causes the software to not properly append the intended fcrontab.sig to the resulting string.

Recommendations: For Fcron versions 2.0.1 and 2.9.4, and possibly earlier versions, consider restricting access to the fcronsighup functionality until a patch is available. As a temporary workaround, consider implementing input validation to prevent target filenames with a large number of leading slash (/) characters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.