Total vulnerabilities in the database
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
| Software | From | Fixed in |
|---|---|---|
| sun / sunos | 5.7 | 5.7.x |
| sun / sunos | 5.5 | 5.5.x |
| sun / sunos | 5.8 | 5.8.x |
| sun / solaris | 9.0 | 9.0.x |
| sun / solaris | 7.0 | 7.0.x |
| sun / sunos | 5.5.1 | 5.5.1.x |
| sun / solaris | 2.6 | 2.6.x |
| sun / solaris | 8.0 | 8.0.x |