header-logo
Suggest Exploit
vendor:
Fcron
by:
SecurityFocus
7.2
CVSS
HIGH
Buffer-Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: Fcron
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: a:fcron:fcron
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2005

Fcron Local Buffer-Overflow Vulnerability

Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows local attackers to execute arbitrary machine code with superuser privileges, since the affected utility is installed setuid-superuser by default in some installations. This allows attackers to completely compromise affected computers.

Mitigation:

Update to the latest version of Fcron and ensure that user-supplied data is properly bounds-checked before copying it to an insufficiently sized memory buffer.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16467/info

Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

This issue allows local attackers to execute arbitrary machine code with superuser privileges, since the affected utility is installed setuid-superuser by default in some installations. This allows attackers to completely compromise affected computers.

Fcron version 3.0 is affected by this issue; previous versions may also be affected.

Update: This issue is now retired. Further analysis reveals that this issue cannot be exploited for code execution; therefore, this is not a vulnerability.

convert-fcrontab `perl -e 'print "pi3"x600'`

Navigation

Suggest Exploit

Services By CQR