Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23316
HistoryMar 04, 2010 - 12:00 a.m.

fcrontab Information Disclosure Vulnerability

2010-03-0400:00:00
vulners.com
11
JSON

============================================
ย fcrontab Information Disclosure Vulnerability
ย March 3, 2010
ย CVE-2010-0792

==Description==

fcrontab, part of the fcron scheduler, is vulnerable to several race
conditions that allow a local attacker to use symbolic links to read
unauthorized files.ย  On systems where fcrontab is installed with its
own "fcron" group, this allows an attacker to read other non-root
users' crontabs and fcron configuration files.ย  On systems where
fcrontab is installed suid root, this allows an attacker to read arbitrary
files.

==Solution==

The developer has released a new version, 3.0.5, to address these
vulnerabilities.ย  It is available for download on the developer's
website, http://fcron.free.fr.ย  Users are advised to recompile from
source or download updated packages from downstream distributors
when they become available.

==Credits==

This vulnerability was discovered by Dan Rosenberg
([email protected]).
Thanks to Thibault Godouet for his prompt response and new release.

==References==

CVE identifier CVE-2010-0792 has been assigned to this issue.

Related

fedora 2
gentoo 1
mageia 1
securityvulns 1
openvas 4
nessus 3
cve 1
ubuntucve 1
prion 1
fedora
fedora
[SECURITY] Fedora 13 Update: fcron-3.0.5-1.fc13
2010-04-01 17:19:03
[SECURITY] Fedora 12 Update: fcron-3.0.5-1.fc12
2010-03-27 01:01:18
gentoo
gentoo
fcron: Information disclosure
2013-11-25 00:00:00
mageia
mageia
Updated fcron package fixes security vulnerability and init script
2013-12-19 02:57:02
securityvulns
securityvulns
fcron fcrontab symbolic links vulnerabilities
2010-03-04 00:00:00
openvas
openvas
Fedora Update for fcron FEDORA-2010-4063
2010-03-31 00:00:00
Mageia: Security Advisory (MGASA-2013-0377)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201311-16
2015-09-29 00:00:00
nessus
nessus
Fedora 12 : fcron-3.0.5-1.fc12 (2010-4063)
2010-07-01 00:00:00
GLSA-201311-16 : fcron: Information disclosure
2013-11-26 00:00:00
Fedora 13 : fcron-3.0.5-1.fc13 (2010-4084)
2010-07-01 00:00:00
cve
cve
CVE-2010-0792
2010-03-05 19:30:00
ubuntucve
ubuntucve
CVE-2010-0792
2010-03-05 00:00:00
prion
prion
Design/Logic Flaw
2010-03-05 19:30:00
JSON
Related for SECURITYVULNS:DOC:23316
fedora2gentoo1mageia1securityvulns1openvas4nessus3cve1ubuntucve1prion1