Vulnerability CVE-2002-0004 - CERT Civis.Net

Vulnerability Name:

CVE-2002-0004 (CCN-7909)

Assigned:

2002-01-16

Published:

2002-01-16

Updated:

2017-10-10

Summary:

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: BugTraq Mailing List, Wed Jan 16 2002 - 18:19:08 CST
'/usr/bin/at 31337 + vuln' problem + exploit

Source: MITRE
Type: CNA
CVE-2002-0004

Source: BUGTRAQ
Type: UNKNOWN
20020117 '/usr/bin/at 31337 + vuln' problem + exploit

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:007

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBTL0201-021
Heap corruption vulnerability in the at package

Source: HP
Type: UNKNOWN
HPSBTL0201-021

Source: HP
Type: UNKNOWN
HPSBTL0302-034

Source: CCN
Type: RHSA-2002-015
Updated at package available

Source: CCN
Type: CIAC Information Bulletin M-057
Red Hat "at" Vulnerability

Source: DEBIAN
Type: Patch
DSA-102

Source: DEBIAN
Type: DSA-102
at -- daemon exploit

Source: SUSE
Type: UNKNOWN
SuSE-SA:2002:003

Source: CCN
Type: OSVDB ID: 2028
at Malformed Execution Time Overflow

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:015

Source: BID
Type: Exploit, Patch, Vendor Advisory
3886

Source: CCN
Type: BID-3886
AT Maliciously Formatted Time Heap Overflow Vulnerability

Source: XF
Type: UNKNOWN
linux-at-exetime-heap-corruption(7909)

Source: XF
Type: UNKNOWN
linux-at-exetime-heap-corruption(7909)

Vulnerable Configuration:

Configuration 1:

cpe:/a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*

OR cpe:/a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:2.2:*:68k:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:arm:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:4.3:-:*:*:*:*:*:*

OR cpe:/o:freebsd:freebsd:4.4:-:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*

OR cpe:/o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*

OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:7.0:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:ia64:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:alpha:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:i386:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:ia64:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:6.4:*:i386:*:*:*:*:*

OR cpe:/o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.0:*:i386:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.1:*:ppc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.1:*:x86:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.2:*:i386:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:i386:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:hp:secure_os:1.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

AND

cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:102	V	daemon exploit	2002-01-16