source: http://www.securityfocus.com/bid/331/info A vulnerability exists in NetBSD version 1.3.2 and lower, and Silicon Graphics Inc's IRIX versions 6.2, 6.3, 6.4, 6.5 and 6.5.1. The at(1) program can be supplied with a -f flag, and an error is access validation can result in the mailing of portions of unreadable files to any user who can run at. At uses seteuid to set the appropriate user id to run under. However, it incorrectly sets its real and effective uid to 0 prior to opening the filename passed to the -f flag. This allows any user to read any file on the filesystem. $ at -f /etc/shadow now + 1 minute This will mail back a portion of the shadow file to the user.
Related ExploitsTrying to match CVEs (1): CVE-1999-1409
Trying to match OSVDBs (1): 978
Other Possible E-DB Search Terms: NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1), NetBSD 1.3.2 / SGI IRIX 6.5.1 at, NetBSD 1.3.2, NetBSD