Description
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Peter_M · textlocallinux
https://www.exploit-db.com/exploits/19867
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1130
Scores
EPSS
0.0050
EPSS Percentile
66.1%
Details
Status
published
Products (5)
suse/suse_linux
6.0
suse/suse_linux
6.1 (2 CPE variants)
suse/suse_linux
6.2
suse/suse_linux
6.3 (3 CPE variants)
suse/suse_linux
6.4
Published
May 02, 2000
Tracked Since
Feb 18, 2026