CVE-2003-1073

2003-12-31T05:00:00
ID CVE-2003-1073
Type cve
Reporter cve@mitre.org
Modified 2018-10-30T16:26:00

Description

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.