Thibault Godouet Fcron Symbolic Link Vulnerability

FCron is an implementation of the popular UNIX program that runs user-specified programs at periodic scheduled times.

fcron is vulnerable to symbolic link attacks. Because fcrontab makes insecure use of files created in /tmp, an attacker can anticipate the name of an fcron temporary file and create a symbolic link with that name, pointing to a file on the system that is writable by the fcron user. This could allow an attacker to corrupt another user's crontab file, interfering with scheduled events and potentially creating a denial of service.

<http://www.securityfocus.com/bid/2835>

Copyright © 1999-2001 SecurityFocus.com
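
The temp-file weakness described above, next to the standard hardening, as an added example; it is not fcron's code and not taken from the advisory. The function names, the file names fcr-1234 and crontab.orig, and the scratch directory are made up for illustration, and the scenario runs entirely inside a private directory created with mkdtemp().

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: open() follows a symlink already sitting at the predictable
 * name, and O_TRUNC empties whatever file the link points to. */
int open_tmp_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything, a
 * symlink included, already exists at path. Nothing is followed or truncated. */
int open_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: a symlink occupies the expected temp-file name and
 * points at a stand-in crontab. Returns that file's size after opener() ran. */
long target_size_after(int (*opener)(const char *), int *err)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX", target[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/crontab.orig", dir);
    snprintf(tmp, sizeof tmp, "%s/fcr-1234", dir);  /* made-up predictable name */
    FILE *f = fopen(target, "w");
    if (!f || fputs("0 4 * * * backup\n", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(target, tmp) != 0) return -1;
    int fd = opener(tmp);
    *err = (fd < 0) ? errno : 0;        /* errno of the open attempt, 0 if it succeeded */
    if (fd >= 0) close(fd);
    long size = (stat(target, &st) == 0) ? (long)st.st_size : -1;
    unlink(tmp); unlink(target); rmdir(dir);
    return size;
}

int main(void)
{
    int e = 0;
    long n = target_size_after(open_tmp_safe, &e);
    printf("hardened open: target still %ld bytes, errno %d\n", n, e);
    return 0;
}
```

Where the file name does not have to be fixed, mkstemp() combines an unpredictable name with the same exclusive creation.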