CVE-2003-1073

Sun Solaris 2.5/2.6/7.0/8/9 AT Command - Arbitrary File Deletion

Severity Score

1.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

*Credits: N/A

CVSS Scores

NISTv2 1.2

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2003-01-27 First Exploit
2003-12-31 CVE Published
2005-02-08 CVE Reserved
2023-03-08 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (12)

URL	Tag	Source
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html	Mailing List
http://isec.pl/vulnerabilities/isec-0008-sun-at.txt	X_refsource_misc
http://www.ciac.org/ciac/bulletins/n-070.shtml	Government Resource
http://www.securityfocus.com/archive/1/308577	Mailing List
http://www.securityfocus.com/bid/6692	Vdb Entry
http://www.securityfocus.com/bid/6693	Vdb Entry
http://www.securitytracker.com/id?1005994	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/11179	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/11180	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/22203	2003-01-27

URL	Date	SRC
http://secunia.com/advisories/7960	2018-10-30

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				2.6 Search vendor "Sun" for product "Solaris" and version "2.6"		-		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				7.0 Search vendor "Sun" for product "Solaris" and version "7.0"		x86		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				8.0 Search vendor "Sun" for product "Solaris" and version "8.0"		x86		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				9.0 Search vendor "Sun" for product "Solaris" and version "9.0"		sparc		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				9.0 Search vendor "Sun" for product "Solaris" and version "9.0"		x86		Affected
Sun Search vendor "Sun"		Sunos Search vendor "Sun" for product "Sunos"				-		-		Affected
Sun Search vendor "Sun"		Sunos Search vendor "Sun" for product "Sunos"				5.5 Search vendor "Sun" for product "Sunos" and version "5.5"		-		Affected
Sun Search vendor "Sun"		Sunos Search vendor "Sun" for product "Sunos"				5.5.1 Search vendor "Sun" for product "Sunos" and version "5.5.1"		-		Affected
Sun Search vendor "Sun"		Sunos Search vendor "Sun" for product "Sunos"				5.7 Search vendor "Sun" for product "Sunos" and version "5.7"		-		Affected
Sun Search vendor "Sun"		Sunos Search vendor "Sun" for product "Sunos"				5.8 Search vendor "Sun" for product "Sunos" and version "5.8"		-		Affected