CVE-2004-1033
First published: Wed Nov 24 2004(Updated: )
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thibault Godouet FCron | =2.9.4 | |
| Thibault Godouet FCron | =2.0.1 | |
| Gentoo Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1033?
CVE-2004-1033 has a medium severity rating due to the potential for local users to bypass access restrictions.
How do I fix CVE-2004-1033?
To fix CVE-2004-1033, update Fcron to version 2.9.5 or later to prevent file descriptor leakage.
Which versions of Fcron are affected by CVE-2004-1033?
CVE-2004-1033 affects Fcron versions 2.0.1 and 2.9.4, and possibly earlier versions.
Can local users exploit CVE-2004-1033?
Yes, local users can exploit CVE-2004-1033 to read sensitive access control files like fcron.allow and fcron.deny.
Is this vulnerability present in Gentoo Linux?
Yes, Gentoo Linux is listed among the affected systems for CVE-2004-1033, particularly with the vulnerable versions of Fcron.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/thibault godouet
- canonical/thibault godouet fcron
- version/thibault godouet fcron/2.9.4
- version/thibault godouet fcron/2.0.1
- vendor/gentoo
- canonical/gentoo linux