[7646] in bugtraq
Re: irix-6.2 "at -f" vulnerability
daemon@ATHENA.MIT.EDU (Liam O. Forbes)
Wed Aug 12 22:35:31 1998
Date: Wed, 12 Aug 1998 15:15:04 -0800
Reply-To: lforbes@ARSC.EDU
From: "Liam O. Forbes" <lforbes@ARSC.EDU>
X-To: Michael S Kluskens <kluskens@CRYSTAL.NRL.NAVY.MIL>
To: BUGTRAQ@NETSPACE.ORG
Michael S Kluskens wrote:
>
> >> -------
> >> Subject: irix-6.2 "at -f" vulnerability
> >>
> >
> >for irix 6.2 the patch is 2866 or its current successor 3182 (buried in what
> >is called a "commands patch + y2k"
> >
>
> On our IRIX 6.2 system patched with 2866, this vulnerability still exists.
>
> Michael
On our systems, patched with 3182, the problem appears to be fixed. Using at -f
on a file which you don't have permission to read, results in a you don't have
permissions message. Funny how that makes sense.
--
Liam Forbes lforbes@arsc.edu http://www.arsc.edu/~lforbes
Box 756020 910 Yukon Dr. Suite 106 Fairbanks Ak 99775-6020
907-474-1898 fax: 907-474-5494 check web page for PGP key
High Performance Computing Systems Programmer/Analyst I
The software said Windows 95 or better, so I installed Linux
