Sun Solaris AT file deletion

by Mario Miri on April 8th, 2003

The at utility supplied with Sun Solaris is prone to a file deletion attack due to incorrect sanitization of user-supplied parameters. The -r option, which is normally used to delete previously scheduled at jobs, can be used to delete arbitrary files on the system.
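As an added illustration (not Sun's code and not part of the original advisory), the C sketch below shows the kind of check a privileged job-removal routine needs on the -r argument before it deletes anything. It assumes each at job is stored as a file in one spool directory under a name of the form `<digits>.<queue letter>`; `valid_job_name` and `remove_job` are hypothetical names.

```c
/* Added example, not Sun's code. Assumption: each at job is a file in one
 * spool directory, named "<digits>.<queue letter>", e.g. 1049760000.a. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept only "<1-20 digits>.<one lowercase letter>"; this rejects '/',
 * "..", empty strings and anything else that could name a path. */
int valid_job_name(const char *s)
{
    size_t n = 0;
    if (s == NULL) return 0;
    while (isdigit((unsigned char)s[n])) n++;
    if (n == 0 || n > 20 || s[n] != '.') return 0;
    return islower((unsigned char)s[n + 1]) && s[n + 2] == '\0';
}

/* Remove one job file for `caller`. Returns 0, or -1 with errno set. */
int remove_job(const char *spool_dir, const char *job, uid_t caller)
{
    struct stat st;
    int dfd, rc = -1, saved;

    if (!valid_job_name(job)) { errno = EINVAL; return -1; }
    dfd = open(spool_dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    /* Look the name up relative to the spool directory, never following
     * a symlink, and delete only a regular file the caller owns. */
    if (fstatat(dfd, job, &st, AT_SYMLINK_NOFOLLOW) == 0) {
        if (!S_ISREG(st.st_mode)) errno = EINVAL;
        else if (st.st_uid != caller) errno = EPERM;
        else rc = unlinkat(dfd, job, 0);
    }
    saved = errno; close(dfd); errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s SPOOL_DIR JOB\n", argv[0]); return 2; }
    if (remove_job(argv[1], argv[2], getuid()) != 0) { perror(argv[2]); return 1; }
    return 0;
}
```

The allow-list on the name, the lookup relative to the spool directory, and the ownership check are independent layers: a name that is not a plain job identifier is refused before any file is touched.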


Vulnerable:
Sun Solaris 2.5
Sun Solaris 2.5.1
Sun Solaris 2.6 _x86
Sun Solaris 2.6
Sun Solaris 7.0 _x86
Sun Solaris 7.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Sun Solaris 9.0 _x86
Sun Solaris 9.0


Solution:
A suggested workaround is to remove the suid bit from the at binary, but this would deny normal operation of the command. Sun has released patches:
http://sunsolve.sun.com/


Exploit / Proof of concept:
http://download.xatrix.org/prf/sun-at.txt


Discovered by:
Wojciech Purczynski

