Race Condition Vulnerability in Solaris at Command Allows Arbitrary File Deletion

Race Condition Vulnerability in Solaris at Command Allows Arbitrary File Deletion

CVE-2003-1073 · LOW Severity

AV:L/AC:H/AU:N/C:N/I:P/A:N

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

Learn more about our Cis Benchmark Audit For Oracle Solaris.