source: https://www.securityfocus.com/bid/331/info
A vulnerability exists in NetBSD version 1.3.2 and lower, and in Silicon Graphics Inc.'s IRIX versions 6.2, 6.3, 6.4, 6.5 and 6.5.1. The at(1) program can be supplied with a -f flag, and an error in access validation can result in the mailing of portions of unreadable files to any user who can run at.
At uses seteuid to set the appropriate user id to run under. However, it incorrectly sets its real and effective uid to 0 prior to opening the filename passed to the -f flag. This allows any user to read any file on the filesystem.
$ at -f /etc/shadow now + 1 minute
This will mail back a portion of the shadow file to the user.
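
The flaw above comes down to the order of the privilege change and the open() call. As an added sketch (not code from at(1), NetBSD or IRIX), the C helper below, under the hypothetical name open_as_invoker, opens a caller-supplied path while the effective ids are those of the invoking user, so the kernel applies that user's file permissions, and then restores the saved ids.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not taken from any at(1) source: open a
 * caller-supplied path using the invoking user's ids, then restore
 * the saved ids. Returns a descriptor, or -1 with errno set. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Group first: once euid is unprivileged, setegid() may be refused. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        (void)setegid(saved_egid);
        errno = err;
        return -1;
    }

    /* The open runs while unprivileged; O_NONBLOCK avoids hanging on a FIFO. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    err = errno;
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        err = EINVAL;   /* accept regular files only as job input */
        close(fd);
        fd = -1;
    }

    /* Restore user before group, the reverse of the drop order. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        err = errno;
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    errno = err;
    return fd;
}
```

In a set-uid root binary run by an ordinary user, a call on a file that user cannot read fails with EACCES instead of returning its contents.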