
[linux-security] local root exploit in at



Topic
=====
local root exploit in at

Problem Description
===================
The 'at' command reads commands from standard input for execution at a
later time specified on the command line. If that execution time is
given in a carefully drafted (but invalid) format, at may crash because
of a surplus call to free() on a buffer that was already freed (a double
free). The resulting heap corruption is exploitable under certain
circumstances, and because /usr/bin/at is installed setuid root, a local
user can use it to obtain root privileges.

Affected Systems
================
All versions of at, up to and including the latest version, 3.1.8.

Workaround
==========
Uninstall at if you do not need it:

# rpm -e at

Solution
========
Upgrade to a patched version of at for your distribution:

RedHat 6.x
----------
rpm -Fvh at-3.1.8-22.1.i386.rpm

RedHat 7.x
----------
rpm -Fvh at-3.1.8-23.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to at_3.1.8-10.2_i386.deb

Mandrake 8.1
------------
rpm -Fvh at-3.1.8-4.1mdk.i586.rpm
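As an added audit helper that is not part of the advisory or the at package, the POSIX sh below compares an installed at version-release with the fixed versions listed in the Solution section and reports whether /usr/bin/at still carries the setuid bit. The distribution keywords and the numeric-only version comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory or the at project). Fixed versions are
# the ones the Solution section lists; distribution keywords are assumed.

# Field-by-field numeric comparison of two version-release strings such as
# 3.1.8-22.1. Fields are split on '.' and '-'; a non-digit suffix ("4mdk")
# is dropped by awk's numeric conversion. Prints -1, 0 or 1.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      p = (i <= na) ? x[i] + 0 : 0
      q = (i <= nb) ? y[i] + 0 : 0
      if (p < q) { print "-1"; exit }
      if (p > q) { print "1"; exit }
    }
    print "0"
  }'
}

# Fixed version per distribution, as given in the Solution section.
fixed_version() {
  case "$1" in
    redhat6)  echo 3.1.8-22.1 ;;
    redhat7)  echo 3.1.8-23 ;;
    debian22) echo 3.1.8-10.2 ;;
    mandrake) echo 3.1.8-4.1mdk ;;
    *)        return 1 ;;   # unknown distribution: cannot judge
  esac
}

# Succeeds when the installed version-release is at least the fixed one.
at_is_fixed() {
  fixed=$(fixed_version "$1") || return 2
  [ "$(vercmp "$2" "$fixed")" -ge 0 ]
}

# On-host check, e.g. "audit_at redhat7": setuid bit plus package version.
audit_at() {
  [ -e /usr/bin/at ] || { echo "at is not installed"; return 0; }
  [ -u /usr/bin/at ] && echo "/usr/bin/at is setuid"
  if command -v rpm >/dev/null 2>&1; then
    ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' at)
  else
    ver=$(dpkg-query -W -f='${Version}\n' at)
  fi
  if at_is_fixed "$1" "$ver"; then echo "at $ver: fixed"
  else echo "at $ver: VULNERABLE, upgrade or remove at"; fi
}
```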