PT-2003-2030 · Oracle · Solaris

Wojciech Purczynski · Published 2003-12-31 · Updated 2018-10-30 · CVE-2003-1073

CVSS v2.0: 1.2 (Low)
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Solaris versions 2.6 through 9

Description
A race condition exists in the at command, allowing local users to delete arbitrary files by utilizing the -r argument with .. (dot dot) sequences in the job name. This is achieved by modifying the directory structure after the at command checks permissions to delete the file, but before the deletion actually takes place.

Recommendations
For Solaris versions 2.6 through 9, consider restricting access to the at command until a fix is available, or apply configuration changes to prevent the exploitation of this issue. As a temporary workaround, consider disabling the at command for local users to minimize the risk of exploitation.
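
The check-then-delete pattern in the description can be hardened as in the following added example, which is not Solaris source code or the vendor's fix. The names remove_job and demo, the /tmp layout, and the assumption that only the privileged program can write to the spool directory are hypothetical. The job name is restricted to a single path component, and both the ownership check and the deletion are resolved against one already-open directory descriptor.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: remove job file `job` from the spool directory open as
 * spool_fd, on behalf of user `caller`. Returns 0 on success, -1 otherwise. */
int remove_job(int spool_fd, const char *job, uid_t caller)
{
    struct stat st;
    /* A job name is a single path component: no '/', not "." or "..". */
    if (job[0] == '\0' || strchr(job, '/') != NULL ||
        strcmp(job, ".") == 0 || strcmp(job, "..") == 0)
        return -1;
    /* Check ownership relative to the directory fd, without following links. */
    if (fstatat(spool_fd, job, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_uid != caller)
        return -1;
    /* Delete relative to the same fd: renaming directories elsewhere
     * cannot redirect this call to a different directory. */
    return unlinkat(spool_fd, job, 0) == 0 ? 0 : -1;
}

/* Builds a constructed layout <tmp>/spool/job1 and <tmp>/outside, then
 * returns 0 if the traversal name is refused and the real job is removed. */
int demo(void)
{
    char base[] = "/tmp/atdemoXXXXXX", path[64];
    if (mkdtemp(base) == NULL) return -1;
    snprintf(path, sizeof path, "%s/spool", base);
    mkdir(path, 0700);
    int spool_fd = open(path, O_RDONLY | O_DIRECTORY);
    close(openat(spool_fd, "job1", O_CREAT | O_WRONLY, 0600));
    snprintf(path, sizeof path, "%s/outside", base);
    close(open(path, O_CREAT | O_WRONLY, 0600));

    int refused = remove_job(spool_fd, "../outside", getuid()) == -1;
    int kept = access(path, F_OK) == 0;           /* outside file survives */
    int removed = remove_job(spool_fd, "job1", getuid()) == 0;
    int gone = faccessat(spool_fd, "job1", F_OK, 0) != 0;
    close(spool_fd);
    return (refused && kept && removed && gone) ? 0 : 1;
}

int main(void) { return demo(); }
```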


Related identifiers

CVE-2003-1073

Affected products

Solaris