Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0004

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-0004
Last Modified 10 Sep 2008 03:11:01
Published 27 Feb 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0004

Summary

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

Vulnerable Systems

Operating System

  • Debian Linux 2.2

  • Freebsd 4.1.1

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Mandrakesoft Mandrake Linux 8.0

  • Mandrakesoft Mandrake Linux 8.1

  • Netbsd 1.5.2

  • Redhat Linux 6.2

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

  • Slackware Linux 7.0

  • Slackware Linux 7.1

  • Slackware Linux 8.0

  • Suse Linux 6.4

  • Suse Linux 7.0

  • Suse Linux 7.1

  • Suse Linux 7.2

  • Suse Linux 7.3

Application

  • Caldera Openlinux Server 3.1

  • Caldera Openlinux Workstation 3.1


References

BID - 3886

REDHAT - RHSA-2002:015

DEBIAN - DSA-102

BUGTRAQ - 20020117 '/usr/bin/at 31337 + vuln' problem + exploit

XF - linux-at-exetime-heap-corruption(7909)

SUSE - SuSE-SA:2002:003

HP - HPSBTL0302-034

HP - HPSBTL0201-021

MANDRAKE - MDKSA-2002:007


Last Updated: 27 May 2016 10:36:44