A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html - | |
References | () http://isec.pl/vulnerabilities/isec-0008-sun-at.txt - | |
References | () http://secunia.com/advisories/7960/ - Patch | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1 - Vendor Advisory | |
References | () http://www.ciac.org/ciac/bulletins/n-070.shtml - | |
References | () http://www.securityfocus.com/archive/1/308577 - | |
References | () http://www.securityfocus.com/bid/6692 - | |
References | () http://www.securityfocus.com/bid/6693 - | |
References | () http://www.securitytracker.com/id?1005994 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11179 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11180 - |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:46
NVD link : CVE-2003-1073
Mitre link : CVE-2003-1073
CVE.ORG link : CVE-2003-1073
JSON object : View
Products Affected
sun
- solaris
- sunos
CWE