CVE-2004-1033
Published: 2005-03-01
Priority: P48 (low)
CVSS 2.0: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
EPSS: 0.36% (28.3th percentile)
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thibault_godouet | fcron | — | — |
| thibault_godouet | fcron | — | — |
CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Source: mitre_cwe · CVSS 7.2 [HIGH]
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read
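The inheritance behaviour described for CWE-403, as an added example in C that is not fcron's code and not part of the original entry: a parent opens a file and then execs a helper, first with an inheritable descriptor and then with FD_CLOEXEC set. The use of `/dev/null` as the protected file, descriptor number 9, `/bin/sh` as the stand-in for the program named in EDITOR, and the function name `helper_inherits_fd` are assumptions made for the illustration.

```c
/* Added example, not fcron's code: does a descriptor the parent opened
 * survive exec() into a helper such as the program named in EDITOR? */
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define LEAK_FD 9 /* assumed fixed slot so the helper knows what to probe */

/* Returns 1 if the helper inherited the descriptor, 0 if not, -1 on error.
 * /dev/null is a constructed stand-in for a restricted file. */
int helper_inherits_fd(int harden)
{
    int fd = open("/dev/null", O_RDONLY); /* no O_CLOEXEC: inheritable */
    if (fd < 0)
        return -1;
    if (fd != LEAK_FD) {
        if (dup2(fd, LEAK_FD) < 0) { close(fd); return -1; }
        close(fd);
    }
    /* Hardened variant: mark the descriptor close-on-exec before spawning. */
    if (harden && fcntl(LEAK_FD, F_SETFD, FD_CLOEXEC) < 0) {
        close(LEAK_FD);
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) { close(LEAK_FD); return -1; }
    if (pid == 0) {
        /* Stand-in helper: exits 0 only if descriptor 9 is still open. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; : <&9", (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    close(LEAK_FD);

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    /* Exit 0 when the plain call leaks and the hardened call does not. */
    return (helper_inherits_fd(0) == 1 && helper_inherits_fd(1) == 0) ? 0 : 1;
}
```

Opening the file with `O_CLOEXEC` in the first place has the same effect as the `fcntl` call and avoids the window between `open` and `fcntl` in multi-threaded programs.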
CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
Source: mitre_cwe · CVSS 4.6 [MEDIUM]
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with
References:
http://security.gentoo.org/glsa/glsa-200411-27.xml
http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
http://www.securityfocus.com/bid/11684
https://exchange.xforce.ibmcloud.com/vulnerabilities/18078