Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program

Thomas Koenig (ig25@MVMAP66.CIW.UNI-KARLSRUHE.DE)
Sat, 14 Jun 1997 19:44:58 +0200

The Nolander wrote:
>Uhm.. At least I have known of this at vulnerability for a while... Even
>though it still exists on at least my Linux box I can't say it's easily
>exploitable.. (at complains about garbled time when trying with some "not
>nice" stuff)..

Where, exactly? The CERT advisory was talking about commercial
systems. The Linux implementation of at(1) is entirely written
from scratch.

There was an "obtain root" hole in earlier versions of
at (somewhere pre 2.7, and not caused by a buffer overrun), plus
an off-by-one error some time ago. All of these are believed fixed
in 2.9b, the current public version of at.

BTW, "garbled time" is an indication that at could not parse the date
it was handed.

--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.