fcron 'fcronsighup' Bugs Let Local Users View and Delete Files
Category: Vulnerability Posted: 2004-11-18 by ReCall
Details
Description: iDEFENSE reported several vulnerabilities in fcron. A local user can view and delete arbitrary files on the target system. A local user can also supply an alternate configuration file.
It is reported that a local user can exploit the fcronsighup script to view arbitrary files with root privileges [CVE: CAN-2004-1030]. The local user can supply the file to be viewed as a parameter to fcronsighup, which will then attempt to parse the specified file as a configuration file. Lines that cannot be parsed will be displayed in an error message. A demonstration exploit command is provided:
fcronsighup /etc/shadow
It is also reported that a local user can direct the fcronsighup configuration file to a /proc entry owned by the 'root' user to supply arbitrary configuration settings to fcronsighup [CVE: CAN-2004-1031].
It is also reported that a local user can cause arbitrary files to be deleted [CVE: CAN-2004-1032].
It is also reported that a local user can view the contents of the 'fcron.allow' and 'fcron.deny' files due to a file descriptor leak [CVE: CAN-2004-1033].
Karol Wiesek is credited with discovering these vulnerabilities.
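The file-disclosure issue above (CAN-2004-1030) comes from a privileged program opening a caller-supplied path and echoing unparsable lines back to the caller. The following C sketch is an added example, not fcron's code or its actual fix: the function names open_as_caller and count_bad_lines and the "key = value" line format are assumptions. It opens the path with the invoking user's own uid and reports bad lines by number only.

```c
/* Added example: not fcron source. Function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a caller-supplied path with the caller's own uid, so the kernel
 * decides whether the invoking user may read it. */
int open_as_caller(const char *path)
{
    uid_t saved = geteuid();
    struct stat st;
    if (seteuid(getuid()) != 0) return -1;    /* drop to the real uid */
    /* O_CLOEXEC: the descriptor is not inherited across exec */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (seteuid(saved) != 0) {                /* restore, fail closed */
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);                            /* regular files only */
        return -1;
    }
    return fd;
}

/* Count lines that are not blank, comment or "key = value". Each one is
 * reported by line number only; its content never reaches the report. */
int count_bad_lines(int fd, char *report, size_t cap)
{
    FILE *fp = fdopen(fd, "r");
    char line[1024];
    int lineno = 0, bad = 0;
    size_t used = 0;
    if (!fp) { close(fd); return -1; }
    if (cap) report[0] = '\0';
    while (fgets(line, sizeof line, fp)) {
        lineno++;
        if (line[0] == '#' || line[0] == '\n' || strchr(line, '='))
            continue;
        bad++;
        int n = snprintf(report + used, cap - used, "line %d: syntax error\n", lineno);
        if (n > 0 && (size_t)n < cap - used) used += (size_t)n;
    }
    fclose(fp);
    return bad;
}
```

A path the invoking user cannot read fails at open() with that user's permissions, and a file the user can read gains nothing from being parsed, since no line content is echoed.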