Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbSuSE SecurityEDB-ID:21229
HistoryJan 16, 2002 - 12:00 a.m.

AT 3.1.8 - Formatted Time Heap Overflow

2002-01-1600:00:00
SuSE Security
www.exploit-db.com
16

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/3886/info

at is a freely available, open source scheduler package. It is included with various Unix and Linux operating systems, and maintained by public domain.

Under some circumstances, at does not correctly handle time input. A local user attempting to schedule a task via commandline execution and using a maliciously crafted time format can cause heap corruption in at. As the at program is installed setuid root in most implementations, this could result in the execution of arbitrary code with administrative privileges. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21229.tar.gz

Related

openvas 4
nvd 1
cve 1
cvelist 1
nessus 2
suse 1
openvas
openvas
Debian Security Advisory DSA 102-1 (at)
2008-01-17 00:00:00
Debian Security Advisory DSA 102-1 (at)
2008-01-17 00:00:00
Debian Security Advisory DSA 102-2 (at)
2008-01-17 00:00:00
nvd
nvd
CVE-2002-0004
2002-02-27 05:00:00
cve
cve
CVE-2002-0004
2002-06-25 04:00:00
cvelist
cvelist
CVE-2002-0004
2002-06-25 04:00:00
nessus
nessus
Debian DSA-102-2 : at - daemon exploit
2004-09-29 00:00:00
Mandrake Linux Security Advisory : at (MDKSA-2002:007)
2004-07-31 00:00:00
suse
suse
local privilege escalation in at
2002-01-16 15:44:14

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21229
openvas4nvd1cve1cvelist1nessus2suse1