CVE-2003-1073
6.7 Medium
AI Score
Confidence
Low
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.9%
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with … (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
References
archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html
isec.pl/vulnerabilities/isec-0008-sun-at.txt
secunia.com/advisories/7960/
sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1
www.ciac.org/ciac/bulletins/n-070.shtml
www.securityfocus.com/archive/1/308577
www.securityfocus.com/bid/6692
www.securityfocus.com/bid/6693
www.securitytracker.com/id?1005994
exchange.xforce.ibmcloud.com/vulnerabilities/11179
exchange.xforce.ibmcloud.com/vulnerabilities/11180
Related
6.7 Medium
AI Score
Confidence
Low
1.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.9%