The Nolander wrote:
>Uhm.. Atleast I have known of this at vulnerability for a while... Even
>though it still exists on atleast my Linux box I can't say it's easy
>exploitable.. (at complains about garbled time when trying with some "not
>nice" stuff)..
Where, exactly? The CERT advisory was talking about commercial
systems. The Linux implementation of at(1) is entirely written
from scratch.
There was a "obtain root" hole in earlier versions of
at (somewhere pre 2.7, and not caused by a buffer overrun), plus
an off-by-one error some time ago. All of these are believed fixed
in 2.9b, the current public version of at.
BTW, "garbled time" is an indication that at could not parse the date
it was handed.
--
Thomas Koenig, Thomas.Koenig_at_ciw.uni-karlsruhe.de, ig25_at_dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
Received on Jun 14 1997
Intro
