Privilege Escalation Vulnerability in at Commands on Mac OS X 10.3.7 and Earlier

Privilege Escalation Vulnerability in at Commands on Mac OS X 10.3.7 and Earlier

CVE-2005-0125 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.

Learn more about our User Device Pen Test.