[4687] in bugtraq
Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program
daemon@ATHENA.MIT.EDU (Thomas Koenig)
Sat Jun 14 16:52:52 1997
Date: Sat, 14 Jun 1997 19:44:58 +0200
Reply-To: Thomas König <Thomas.Koenig@ciw.uni-karlsruhe.de>
From: Thomas Koenig <ig25@MVMAP66.CIW.UNI-KARLSRUHE.DE>
X-To: nolander@WEBSERVICES.SE
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.970613051958.17139A-100000@darksea> from The Nolander at "Jun 13, 97 05:26:28 am"

The Nolander wrote:

>Uhm.. At least I have known of this at vulnerability for a while... Even
>though it still exists on at least my Linux box I can't say it's easily
>exploitable.. (at complains about garbled time when trying with some "not
>nice" stuff)..

Where, exactly? The CERT advisory was talking about commercial
systems. The Linux implementation of at(1) is entirely written
from scratch.

There was an "obtain root" hole in earlier versions of
at (somewhere pre 2.7, and not caused by a buffer overrun), plus
an off-by-one error some time ago. All of these are believed fixed
in 2.9b, the current public version of at.

BTW, "garbled time" is an indication that at could not parse the date
it was handed.
--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.