Sun Solaris 2.5/2.6/7.0/8/9 AT Command Arbitrary File Deletion Vulnerability

ID SSV:76013
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


The at utility shipped with Sun Solaris may be prone to an issue which may allow attackers to delete arbitrary files on the system.

The vulnerability occurs when using at with the '-r' option. This option is used to remove previously scheduled at jobs. The vulnerability exists because at does not properly sanitize parameters submitted as part of the -r commandline option.

A local attacker can cause at to delete arbitrary files on the system.

/usr/bin/at -r ../../../../tmp/foo