The "at" commands on Mac OS X 10.3.7 and previous versions do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x server 10.3.7 |
||
apple mac os x 10.3.7 |
||
apple mac os x 10.3.4 |