Info

Disclosure

Apr 07, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in SCO OpenServer. The auditsh utility fails to validate input received from the HOME environment variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code and gain additional privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch (oss646c) to address this vulnerability.

Products

SCO Group, Inc.	OpenServer	5.0.6
		5.0.7

References

Secunia Advisory ID: 14892
Related OSVDB ID: 15359 15360
CVE ID: 2005-0351 (see also: NVD)
Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15/SCOSA-2005.15.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0106.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

SCO Group, Inc.

OpenServer

References

Credit