Rapid7 Vulnerability & Exploit Database

RHSA-2002:015: Updated at package available

Back to Search

RHSA-2002:015: Updated at package available

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
02/27/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

This updated at package fixes two minor problems and one major problem where the environment can get wiped out prior to the execution of a scheduled command. For versions of Red Hat Linux prior to 7.2, this package also fixes a potential security vulnerability which can result in heap corruption (Red Hat Linux 7.2 is not vulnerable to this security exploit). Update 2002-02-01: The package for Red Hat Linux 6.2 tried to source a file in /etc/init.d, which doesn't exist on a standard system.

A server running the latest version of at could have commands that depend on the current environment (for example, the PATH) which would then fail or run incorrectly because the environment would not be accessible when the command was executed at a later time. Additionally, in versions of Red Hat Linux prior to 7.2 a malicious local user could specify an execution time is in a carefully drafted format causing a heap corruption bug. Since the at command is installed as setuid root this bug can be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0004 to this issue. Thanks to zen-parse for reporting this vulnerability. In addition to the fixed heap corruption, file handling security on all versions of at has been improved by adding the O_EXCL (exclusive) option to an open system call.

Solution(s)

  • redhat-upgrade-at

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;