Thibault Godouet Fcron Symbolic Link Vulnerability

Bugtraq ID

Each vulnerability in the Securityfocus.com database has a unique Bugtraq ID number. This ID number will soon become the de facto industry standard for identifying specific vulnerabilities. Securityfocus.com is currently working with security vendors to begin mapping their products back to the Bugtraq ID, as the Bugtraq mailing list is the genesis of most public vulnerability information. This ID will serve to provide a consistent, unified, and comparable mechanism so that the security community can easily determine if security products detect and/or correct the applicable vulnerability.

Classification

Each vulnerability can be classified into one or more of the following categories.

Boundary Condition Error

A boundary condition error occurs when:

1. A process attempts to read or write beyond a valid address boundary.
2. A system resource is exhausted.
3. An error results from an overflow of a static-sized data structure. This is a classic buffer overflow condition.

Access Validation Error

An access validation error occurs when:

1. A subject invokes an operation on an object outside its access domain.
2. An error occurs as a result of reading or writing to/from a file or device outside a subject's access domain.
3. An error results when an object accepts input from an unauthorized subject.
4. An error results because the system failed to properly or completely authenticate a subject.

Input Validation Error

An input validation error occurs when:

1. An error occurs because a program failed to recognize syntactically incorrect input.
2. An error results when a module accepted extraneous input fields.
3. An error results when a module failed to handle missing input fields.
4. An error results because of a field-value correlation error.

Failure to Handle Exceptional Conditions

1.
An error manifests itself because the system failed to handle an exceptional condition generated by a functional module, device, or user input.

Race Condition Errors

1. An error is exploited during a timing window between two operations.

Serialization Errors

1. An error results from inadequate or improper serialization of operations.

Atomicity Errors

1. An error occurs when partially-modified data structures were observed by another process.
2. An error occurs because the code terminated with data only partially modified as part of some operation that should have been atomic.

Environment Errors

1. An error results from an interaction in a specific environment between functionally correct modules.
2. An error occurs only when a program is executed on a specific machine, under a particular configuration.
3. An error occurs because the operational environment is different from what the software was designed for.

Configuration Errors

1. An error results because a system utility was installed with incorrect setup parameters.
2. An error occurs by exploiting a system utility that was installed in the wrong place.
3. An error occurs because access permissions were incorrectly set on a utility such that it violated the security policy.

Remote

The vulnerability is exploitable remotely via the network or other communication channel.

Local

The vulnerability is exploitable locally on the system or device.

Published

The date the vulnerability was made public.

Updated

The date the vulnerability was last updated in our database.

Vulnerable

This indicates the affected technology and related components. Each technology can have a strong or weak relationship to other components.

Not Vulnerable

This indicates the technology and related components are not vulnerable. Each technology can have a strong or weak relationship to other components.

< [7]http://www.securityfocus.com/bid/2835 >

For additions or corrections please email [8]vuldb@securityfocus.com.
[9]Disclaimer | [10]About The Vulnerability Database | [11]Privacy Statement | [12]Copyright © 1999-2001 SecurityFocus.com

References

1. http://www.securityfocus.com/vdb/bottom.html?vid=2835
2. http://www.securityfocus.com/vdb/bottom.html?section=discussion&vid=2835
3. http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=2835
4. http://www.securityfocus.com/vdb/bottom.html?section=solution&vid=2835
5. http://www.securityfocus.com/vdb/bottom.html?section=credit&vid=2835
6. http://www.securityfocus.com/vdb/bottom.html?section=help&vid=2835
7. http://www.securityfocus.com/bid/2835
8. mailto:vuldb@securityfocus.com
9. http://www.securityfocus.com/legalize/vdb_disclaimer.html
10. http://www.securityfocus.com/about/vuldb.html
11. http://www.securityfocus.com/account/privacy.html
12. http://www.securityfocus.com/legalize/copyright.html