BID:25693

Fcron Convert-FCronTab Directory Traversal Vulnerability

Info

Fcron Convert-FCronTab Directory Traversal Vulnerability

Bugtraq ID:	25693
Class:	Access Validation Error
CVE:	CVE-2006-0575
Remote:	No
Local:	Yes
Published:	Feb 09 2006 12:00AM
Updated:	Mar 13 2008 03:01PM
Credit:	Karol Wiesek discovered this issue.
Vulnerable:	Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 Fcron Fcron 3.0 Fcron Fcron 2.9.5

Not Vulnerable:

Discussion

Fcron Convert-FCronTab Directory Traversal Vulnerability

Fcron is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data to 'convert-fcrontab'.

Attackers can exploit this issue via symbolic-link attacks to create or overwrite arbitrary files with superuser privileges.

Fcron 2.9.5 is vulnerable; other versions may also be affected.

Exploit / POC

Fcron Convert-FCronTab Directory Traversal Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Fcron Convert-FCronTab Directory Traversal Vulnerability

Solution:
Updates have been released to address this issue. Please see the referenced advisories for more information.

References

Fcron Convert-FCronTab Directory Traversal Vulnerability

References:

Fcron Homepage (Fcron)
TSLSA-2006-0006 (Trustix)