CVE-2004-1033

medium

Description

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18078

http://www.securityfocus.com/bid/11684

http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false

http://security.gentoo.org/glsa/glsa-200411-27.xml

Details

Source: Mitre, NVD

Published: 2005-03-01

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics