Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:007: at Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the at package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:007 (at).
zen-parse discovered a problem in the at command containing an extra call to
free() which can lead to a segfault with a carefully crafted, but incorrect,
format. This is caused due to a heap corruption that can be exploited under
certain circumstances because the at command is installed setuid root. Thanks to
SuSE for an additional security improvement that ads the O_EXCL (exclusive)
option to the open(2) system call inside the at code.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:007
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.