8095 : SCO OpenServer MMDF execmail Overflow
Printer | http://osvdb.org/8095 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

7 months ago

Percent Complete

100%

Disclosure

Feb 06, 2004

Discovery

Unknown

Dates

Exploit

Oct 27, 2004

Solution

Unknown

Description

A remote overflow exists in OpenServer. The execmail program fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause privilege escalation to root resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.

Products

SCO Group, Inc.	OpenServer	5.0.6
		5.0.7

References

Bugtraq ID: 10758
Secunia Advisory ID: 12100
ISS X-Force ID: 16738
CVE ID: 2004-0510 (see also: NVD)
Related OSVDB ID: 8096 8097
Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7/SCOSA-2004.7.txt http://www.deprotect.com/advisories/DEPROTECT-20040206.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0288.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0762.html
Packet Storm: http://packetstormsecurity.org/0407-advisories/SCOSA-2004.7.txt

Credit

Deprotect Advisories - advisoriesdeprotect.com - Deprotect Advisories

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

SCO Group, Inc.

OpenServer

References

Credit

Blogs

Comments