The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.

在Mac OS X 10.3.7及其之前版本中，“at”命令未正确降低权限，这允许本地用户(1)通过atrm删除任意文件，(2)通过批处理命令的-f参数执行任意程序，或(3)通过批处理命令的-f参数读取任意文件，从而生成一个本地用户可以读取的job文件。

NVD 暂无评分

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）