Fcron is reported prone to multiple local vulnerabilities. The following issues are reported: A local information disclosure vulnerability is reported to affect fcronsighup. It is reported that the affected utility will attempt to parse configuration files that are passed to the utility as a command line argument. A local attacker may exploit this condition to reveal the contents of arbitrary files that are owned by the superuser. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1030. An access control bypass vulnerability is also reported to affect fcronsighup. It is reported that the issue exists due to a design error. A local attacker may exploit this vulnerability to make configuration changes to fcronsighup. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1031. fcronsighup is reported prone to an arbitrary file deletion vulnerability. By exploiting the aforementioned access control bypass vulnerability, a local attacker...
Fcron is reported prone to multiple local vulnerabilities. The following issues are reported: A local information disclosure vulnerability is reported to affect fcronsighup. It is reported that the affected utility will attempt to parse configuration files that are passed to the utility as a command line argument. A local attacker may exploit this condition to reveal the contents of arbitrary files that are owned by the superuser. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1030. An access control bypass vulnerability is also reported to affect fcronsighup. It is reported that the issue exists due to a design error. A local attacker may exploit this vulnerability to make configuration changes to fcronsighup. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1031. fcronsighup is reported prone to an arbitrary file deletion vulnerability. By exploiting the aforementioned access control bypass vulnerability, a local attacker may influence the fcronsighup configuration and may cause the application to overwrite arbitrary attacker specified files. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1032. Finally it is reported that the fcrontab component of Fcron leaks file descriptors. This can result in sensitive information disclosure. Specifically, fcrontab leaks the file descriptors of the '/etc/fcron.allow' and '/etc/fcron.deny' files. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1033.
