CVE-1999-1409

Name of the Vulnerable Software and Affected Versions at program in IRIX version 6.2 at program in NetBSD versions 1.3.2 and earlier

Description The issue allows local users to read portions of arbitrary files by submitting the file to at with the -f argument. This generates error messages that at sends to the user via e-mail.

Recommendations For IRIX version 6.2, consider restricting access to the at program to minimize the risk of exploitation. For NetBSD versions 1.3.2 and earlier, consider disabling the at program until a fix is available. As a temporary workaround, avoid using the -f argument in the at program to prevent the generation of error messages that could reveal sensitive information.