Vendor: at
By: SecurityFocus
CVSS: 7.2 (HIGH)
Heap Corruption
CWE: 119
Product Name: at
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix and Linux
2002

at Heap Corruption Vulnerability

at is a freely available, open source scheduler package. It is included with various Unix and Linux operating systems, and maintained by public domain. Under some circumstances, at does not correctly handle time input. A local user who schedules a task from the command line with a maliciously crafted time format can cause heap corruption in at. Because the at program is installed setuid root in most implementations, this could result in the execution of arbitrary code with administrative privileges.

Mitigation:

Update to the latest version of at.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3886/info

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21229.tar.gz