1.9

CVE-2010-0792

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Thibault GodouetFcron Version <= 3.0.4
Thibault GodouetFcron Version0.8.0
Thibault GodouetFcron Version0.8.1
Thibault GodouetFcron Version0.8.2
Thibault GodouetFcron Version0.9.0
Thibault GodouetFcron Version0.9.1
Thibault GodouetFcron Version0.9.2.1
Thibault GodouetFcron Version0.9.3
Thibault GodouetFcron Version0.9.4
Thibault GodouetFcron Version0.9.5
Thibault GodouetFcron Version1.0.0
Thibault GodouetFcron Version1.0.1
Thibault GodouetFcron Version1.0.2
Thibault GodouetFcron Version1.0.3
Thibault GodouetFcron Version1.1.0
Thibault GodouetFcron Version1.1.1
Thibault GodouetFcron Version2.0.0
Thibault GodouetFcron Version2.0.1
Thibault GodouetFcron Version2.0.2
Thibault GodouetFcron Version2.1.0
Thibault GodouetFcron Version2.9.0
Thibault GodouetFcron Version2.9.1
Thibault GodouetFcron Version2.9.2
Thibault GodouetFcron Version2.9.3
Thibault GodouetFcron Version2.9.4
Thibault GodouetFcron Version2.9.5
Thibault GodouetFcron Version2.9.5.1
Thibault GodouetFcron Version2.9.6
Thibault GodouetFcron Version2.9.7
Thibault GodouetFcron Version3.0.0
Thibault GodouetFcron Version3.0.1
Thibault GodouetFcron Version3.0.2
Thibault GodouetFcron Version3.0.3
Thibault GodouetFcron Version3.0.3 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.268
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://fcron.free.fr/
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038150.html
http://seclists.org/fulldisclosure/2010/Mar/97
http://secunia.com/advisories/38796
Vendor Advisory
http://secunia.com/advisories/39195
http://securitytracker.com/id?1023677
http://www.osvdb.org/62718
http://www.securityfocus.com/archive/1/509873/100/0/threaded
http://www.securityfocus.com/bid/38531
Patch
http://www.vupen.com/english/advisories/2010/0730
https://exchange.xforce.ibmcloud.com/vulnerabilities/56680