CVE-2002-0004

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

Score7.2
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published2002-02-27 12:00:00.000-05
Last Modified2017-10-09 09:30:03.000-04

Vulnerable Software List

VendorProductVersions
Freebsd Freebsd 4.1.1, 4.2, 4.3, 4.4
Debian Debian Linux 2.2::68k, 2.2::alpha, 2.2::arm, 2.2::ia-32, 2.2::powerpc, 2.2::sparc
Caldera Openlinux Workstation 3.1
Caldera Openlinux Server 3.1
Slackware Slackware Linux 7.0, 7.1, 8.0
Netbsd Netbsd 1.5.2
Redhat Linux 6.2::alpha, 6.2::i386, 6.2::sparc, 7.0::alpha, 7.0::i386, 7.1::alpha, 7.1::i386, 7.1::ia64, 7.2::, 7.2::alpha
Mandrakesoft Mandrake Linux 8.0, 8.0::ppc, 8.1, 8.1::ia64
Suse Suse Linux 6.4::i386, 6.4::ppc, 6.4:alpha, 7., 7.0::i386, 7.0::ppc, 7.0::sparc, 7.0:alpha, 7.1::ppc, 7.1::sparc, 7.1::x86

References

SourceLink
BUGTRAQ20020117 '/usr/bin/at 31337 + vuln' problem + exploit
MANDRAKEMDKSA-2002:007
HPHPSBTL0201-021
HPHPSBTL0302-034
DEBIANDSA-102
SUSESuSE-SA:2002:003
REDHATRHSA-2002:015
BID3886
XFlinux-at-exetime-heap-corruption(7909)