The ‘at’ command reads commands from standard input for execution at a later time specified on the command line. If that execution time is given in a carefully crafted (but invalid) format, the at command may crash as a result of a surplus call to free(). The crash is caused by heap corruption, which is exploitable under certain circumstances because the /usr/bin/at command is installed setuid root.
OS | OS version | Architecture | Package | Package version | Filename |
---|---|---|---|---|---|
openSUSE | 7.1 | alpha | at | < 3.1.8-360 | at-3.1.8-360.alpha.rpm |
openSUSE | 7.3 | ppc | at | < 3.1.8-363 | at-3.1.8-363.ppc.rpm |
openSUSE | 7.0 | alpha | at | < 3.1.8-361 | at-3.1.8-361.alpha.rpm |
openSUSE | 6.4 | ppc | at | < 3.1.8-362 | at-3.1.8-362.ppc.rpm |
openSUSE | 7.0 | ppc | at | < 3.1.8-362 | at-3.1.8-362.ppc.rpm |
openSUSE | 7.1 | sparc | at | < 3.1.8-356 | at-3.1.8-356.sparc.rpm |
openSUSE | 7.2 | i386 | at | < 3.1.8-458 | at-3.1.8-458.i386.rpm |
openSUSE | 6.4 | alpha | at | < 3.1.8-361 | at-3.1.8-361.alpha.rpm |
openSUSE | 7.0 | i386 | at | < 3.1.8-459 | at-3.1.8-459.i386.rpm |
openSUSE | 7.1 | i386 | at | < 3.1.8-458 | at-3.1.8-458.i386.rpm |
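
The surplus free() on a malformed time specification, described in the advisory text above, typically comes from unclear buffer ownership between a parser helper and its caller. The following is an added illustration and not the source of at: the "HH:MM" format and every function name are hypothetical, and the flawed variant is shown next to a single-owner fix.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical "HH:MM" validator for illustration; this is not at's source. */
static int fields_ok(const char *b, int *minutes)
{
    if (strlen(b) != 5 || b[2] != ':') return 0;
    for (int i = 0; i < 5; i++)
        if (i != 2 && (b[i] < '0' || b[i] > '9')) return 0;
    int h = (b[0] - '0') * 10 + (b[1] - '0'), m = (b[3] - '0') * 10 + (b[4] - '0');
    if (h > 23 || m > 59) return 0;
    *minutes = h * 60 + m;
    return 1;
}

static char *copy_arg(const char *arg)
{
    size_t n = strlen(arg) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, arg, n);
    return p;
}

/* Flawed helper: releases the caller's buffer when the format is wrong. */
static int parse_or_free(char *buf, int *minutes)
{
    if (!fields_ok(buf, minutes)) { free(buf); return -1; }
    return 0;
}

/* Flawed caller: frees unconditionally, so a malformed spec is freed twice. */
int parse_time_flawed(const char *arg, int *minutes)
{
    char *buf = copy_arg(arg);
    if (!buf) return -1;
    int rc = parse_or_free(buf, minutes);
    free(buf);                 /* surplus free() on the error path */
    return rc;
}

/* Hardened: the caller is the sole owner; one free() is reached on every path. */
int parse_time_safe(const char *arg, int *minutes)
{
    char *buf = arg ? copy_arg(arg) : NULL;
    if (!buf) return -1;
    int rc = fields_ok(buf, minutes) ? 0 : -1;
    free(buf);
    return rc;
}
```

Building such code with AddressSanitizer (`-fsanitize=address`) and feeding malformed time strings to the parser reports the second free() at the exact call site, which makes this class of defect easy to catch in testing.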