Published: 31/12/2003 Updated: 30/10/2018

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 125

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun sunos 5.5
sun solaris 9.0
sun sunos 5.5.1
sun solaris 2.6
sun sunos -
sun sunos 5.7
sun solaris 7.0
sun sunos 5.8
sun solaris 8.0

source: wwwsecurityfocuscom/bid/6692//info The at utility shipped with Sun Solaris may be prone to an issue which may allow attackers to delete arbitrary files on the system The vulnerability occurs when using at with the '-r' option This option is used to remove previously scheduled at jobs The vulnerability exists because at does no ...

NVD-CWE-Other http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1 http://secunia.com/advisories/7960/http://www.securityfocus.com/archive/1/308577 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html http://isec.pl/vulnerabilities/isec-0008-sun-at.txt http://www.ciac.org/ciac/bulletins/n-070.shtml http://www.securityfocus.com/bid/6692 http://www.securityfocus.com/bid/6693 http://www.securitytracker.com/id?1005994 https://exchange.xforce.ibmcloud.com/vulnerabilities/11180 https://exchange.xforce.ibmcloud.com/vulnerabilities/11179 https://nvd.nist.gov https://www.exploit-db.com/exploits/22203/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-1073

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect