Lucene search

K
exploitdbSuSE SecurityEDB-ID:21229
HistoryJan 16, 2002 - 12:00 a.m.

AT 3.1.8 - Formatted Time Heap Overflow

2002-01-1600:00:00
SuSE Security
www.exploit-db.com
17

AI Score

7.4

Confidence

Low

source: https://www.securityfocus.com/bid/3886/info

at is a freely available, open source scheduler package. It is included with various Unix and Linux operating systems, and maintained by public domain.

Under some circumstances, at does not correctly handle time input. A local user attempting to schedule a task via commandline execution and using a maliciously crafted time format can cause heap corruption in at. As the at program is installed setuid root in most implementations, this could result in the execution of arbitrary code with administrative privileges. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21229.tar.gz

AI Score

7.4

Confidence

Low

Related for EDB-ID:21229