A local overflow exists in some versions of the at(1) program. The program fails to validate input properly resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code as root resulting in a loss of integrity and confidentiality.
Consult the vendor for the appropriate patch. It is also possible to correct the flaw by implementing the following workaround: Remove the permissions of the at(1) program.