local privilege escalation in at

2002-01-1615:44:14

lists.opensuse.org

0.0004 Low

EPSS

Percentile

0.4%

JSON

The ‘at’ command reads commands from standard input for execution at a later time specified on the command line. If such an execution time is given in a carefully drafted (but wrong) format, the at command may crash as a result of a surplus call to free(). The cause of the crash is a heap corruption that is exploitable under certain circumstances since the /usr/bin/at command is installed setuid root.

OSVersionArchitecturePackageVersionFilename
openSUSE7.1alphaat< 3.1.8-360at-3.1.8-360.alpha.rpm
openSUSE7.3ppcat< 3.1.8-363at-3.1.8-363.ppc.rpm
openSUSE7.0alphaat< 3.1.8-361at-3.1.8-361.alpha.rpm
openSUSE6.4ppcat< 3.1.8-362at-3.1.8-362.ppc.rpm
openSUSE7.0ppcat< 3.1.8-362at-3.1.8-362.ppc.rpm
openSUSE7.1sparcat< 3.1.8-356at-3.1.8-356.sparc.rpm
openSUSE7.2i386at< 3.1.8-458at-3.1.8-458.i386.rpm
openSUSE6.4alphaat< 3.1.8-361at-3.1.8-361.alpha.rpm
openSUSE7.0i386at< 3.1.8-459at-3.1.8-459.i386.rpm
openSUSE7.1i386at< 3.1.8-458at-3.1.8-458.i386.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	7.1	alpha	at	< 3.1.8-360	at-3.1.8-360.alpha.rpm
openSUSE	7.3	ppc	at	< 3.1.8-363	at-3.1.8-363.ppc.rpm
openSUSE	7.0	alpha	at	< 3.1.8-361	at-3.1.8-361.alpha.rpm
openSUSE	6.4	ppc	at	< 3.1.8-362	at-3.1.8-362.ppc.rpm
openSUSE	7.0	ppc	at	< 3.1.8-362	at-3.1.8-362.ppc.rpm
openSUSE	7.1	sparc	at	< 3.1.8-356	at-3.1.8-356.sparc.rpm
openSUSE	7.2	i386	at	< 3.1.8-458	at-3.1.8-458.i386.rpm
openSUSE	6.4	alpha	at	< 3.1.8-361	at-3.1.8-361.alpha.rpm
openSUSE	7.0	i386	at	< 3.1.8-459	at-3.1.8-459.i386.rpm
openSUSE	7.1	i386	at	< 3.1.8-458	at-3.1.8-458.i386.rpm

Rows per page:

1-10 of 151

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for SUSE-SA:2002:003