https://www.exploit-db.com/exploits/19867
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-014

SuSELinux6.3的aaa_base和早期版本的cron.daily存在漏洞，本地用户可以通过生成包含空格文件名的文件删除任意文件。此时在从/tmp目录下删除过期文件时aaa_base便不能正确解析，

source: http://www.securityfocus.com/bid/1130/info

A vulnerability exists in SuSE Linux, version 6.3 and prior, that can allow arbitrary users to delete any file on the system. If the MAX_DAYS_IN_TMP variable is set in /etc/rc.config to be larger than 0, any local user can remove any file on the system. This is due to a flaw in /etc/cron.daily/aaa_base in SuSE 6.3, or /root/bin/cron.daily in older versions.

It has been reported that only files in the root directory (/) can be removed. Previously, it was thought arbitrary files anywhere on the filesystem could be removed.

mkdir -p "/tmp/foo vmlinux"
touch -t old-date "/tmp/foo vmlinux"

来源:BID
名称:1130
链接:http://www.securityfocus.com/bid/1130