Mandrake Linux Security Advisory : at (MDKSA-2002:007)
High Nessus Plugin ID 13915
SynopsisThe remote Mandrake Linux host is missing a security update.
Descriptionzen-parse discovered a problem in the at command containing an extra call to free() which can lead to a segfault with a carefully crafted, but incorrect, format. This is caused due to a heap corruption that can be exploited under certain circumstances because the at command is installed setuid root. Thanks to SuSE for an additional security improvement that ads the O_EXCL (exclusive) option to the open(2) system call inside the at code.
SolutionUpdate the affected at package.