Description
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
Products
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Debian Linux 2.2 for 68k
- Debian Linux 2.2 for Alpha
- Debian Linux 2.2 for ARM
- Debian Linux 2.2 for IA-32
- Debian Linux 2.2 for PowerPC
- Debian Linux 2.2 for SPARC
- FreeBSD 4.1.1
- FreeBSD 4.2
- FreeBSD 4.3
- FreeBSD 4.3
- FreeBSD 4.3 Patch 24
- FreeBSD 4.3 Patch 37
- FreeBSD 4.3 Patch 38
- FreeBSD 4.3 Patch 40
- FreeBSD 4.3 Patch 41
- FreeBSD 4.3 Patch 42
- FreeBSD 4.3 Release Candidate
- FreeBSD 4.4
- FreeBSD 4.4
- FreeBSD 4.4 Patch 27
- FreeBSD 4.4 Patch 41
- FreeBSD 4.4 Patch 42
- FreeBSD 4.4 Patch 44
- FreeBSD 4.4 Patch 45
- FreeBSD 4.4 Patch 46
- FreeBSD 4.4 Patch 47
- FreeBSD 4.4 Patch 4
- FreeBSD 4.4 Patch 8
- MandrakeSoft Mandrake Linux 8.0
- Mandrakesoft Mandrake Linux 8.0 on PPC
- MandrakeSoft Mandrake Linux 8.1
- Mandrakesoft Mandrake Linux 8.1 on IA64
- NetBSD 1.5.2
- Red Hat Linux 6.2 on Alpha
- Red Hat Linux 6.2 on i386
- Red Hat Linux 6.2 on SPARC
- Red Hat Linux 7.0 on Alpha
- Red Hat Linux 7.0 on i386
- Red Hat Linux 7.1 on Alpha
- Red Hat Linux 7.1 on i386
- Red Hat Linux 7.1 on IA64
- Red Hat Linux 7.2 on Alpha
- Red Hat Linux 7.2 on I386
- Red Hat Linux 7.2 on IA64
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0
- SUSE Linux 6.4 on i386
- SUSE Linux 6.4 on PPC
- SuSE SuSE Linux 6.4 alpha
- SUSE Linux 7.0 on i386
- SUSE Linux 7.0 on PPC
- SUSE Linux 7.0 on SPARC
- SuSE SuSE Linux 7.0 alpha
- SUSE Linux 7.1 on PPC
- SUSE Linux 7.1 on SPARC
- SUSE Linux 7.1 on x86
- SuSE SuSE Linux 7.1 alpha
- SUSE Linux 7.2 on i386
- SUSE Linux 7.3 on i386
- SUSE Linux 7.3 on PPC
- SUSE Linux 7.3 on SPARC
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0004, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0004 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References