[191] in linux-security and linux-alert archive
security hole in old versions of at for Linux
daemon@ATHENA.MIT.EDU (Thomas Koenig)
Mon Apr 3 19:07:06 1995
To: linux-alert@tarsier.cv.nrao.edu (linux-alert)
Date: Mon, 3 Apr 1995 22:59:00 +0200 (MET DST)
From: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas Koenig)
Reply-To: linux-security@tarsier.cv.nrao.edu
I've just been informed that earlier versions of my at/atrun package
for Linux had a bug which allowed root access for any authorized user
of the system.
This bug can only be exploited if the user can edit a job he's
submitted to the atrun queue.
If 'at -V' shows a version earlier than 2.7, or if the directory
/var/spool/atjobs (or, possibly, /usr/spool/atjobs) is world - executable,
you are vulnerable.
In that case, upgrade your system to at 2.7 or 2.7a immediately.
In the meantime, changing the permissions of /var/spool/atjobs to 700
will prevent unauthorized root access; this may also render the
'at' system unusable.
Non - vulnerable versions of at have been around for about 10
months, and have been included in the standard distributions.
--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
