SCO UnixWare/OpenServer Unspecified CHRoot Breakout Vulnerability
BID:12300
Info
SCO UnixWare/OpenServer Unspecified CHRoot Breakout Vulnerability
| Bugtraq ID: | 12300 |
| Class: | Design Error |
| CVE: |
CVE-2004-1124 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 18 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery of this vulnerability is credited to Simon Roses Femerling. |
| Vulnerable: |
SCO Unixware 7.1.4 SCO Unixware 7.1.3 SCO Unixware 7.1.1 SCO Open Server 5.0.7 SCO Open Server 5.0.6 |
| Not Vulnerable: | |
Discussion
SCO UnixWare/OpenServer Unspecified CHRoot Breakout Vulnerability
SCO UnixWare and OpenServer are reported prone to an unspecified chroot breaking vulnerability.
An attacker that has local interactive access to a computer that is running a vulnerable version of UnixWare may exploit this vulnerability to break out of a chroot prison that they reside in.
Specific details in regards to this vulnerability are not currently available. This BID will be updated as soon as further information is made available.
SCO UnixWare and OpenServer are reported prone to an unspecified chroot breaking vulnerability.
An attacker that has local interactive access to a computer that is running a vulnerable version of UnixWare may exploit this vulnerability to break out of a chroot prison that they reside in.
Specific details in regards to this vulnerability are not currently available. This BID will be updated as soon as further information is made available.
Exploit / POC
SCO UnixWare/OpenServer Unspecified CHRoot Breakout Vulnerability
Shellcode to trigger this vulnerability is available in Simon Roses Femerling 'LibExploit' library. This library is available at the following location:
http://www.packetfactory.net/projects/libexploit/
Shellcode to trigger this vulnerability is available in Simon Roses Femerling 'LibExploit' library. This library is available at the following location:
http://www.packetfactory.net/projects/libexploit/
Solution / Fix
SCO UnixWare/OpenServer Unspecified CHRoot Breakout Vulnerability
Solution:
The vendor has released an advisory (SCOSA-2005.2) and fixes to address this vulnerability for UnixWare.
A fix for UnixWare 7.1.3 is included in UnixWare Release 7.1.3 Maintenance Pack 4 or later and a fix for UnixWare 7.1.1 is available in UnixWare Release 7.1.1 Maintenance Pack 5 or later
The vendor has released an advisory (SCOSA-2005.22) and fixes to address this vulnerability for OpenServer.
Customers are advised to see the referenced advisories for further information in regards to obtaining and applying appropriate fixes.
SCO Open Server 5.0.6
SCO Open Server 5.0.7
SCO Unixware 7.1.4
Solution:
The vendor has released an advisory (SCOSA-2005.2) and fixes to address this vulnerability for UnixWare.
A fix for UnixWare 7.1.3 is included in UnixWare Release 7.1.3 Maintenance Pack 4 or later and a fix for UnixWare 7.1.1 is available in UnixWare Release 7.1.1 Maintenance Pack 5 or later
The vendor has released an advisory (SCOSA-2005.22) and fixes to address this vulnerability for OpenServer.
Customers are advised to see the referenced advisories for further information in regards to obtaining and applying appropriate fixes.
SCO Open Server 5.0.6
-
SCO VOL.000.000 for SCOSA-2005.22
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.22
SCO Open Server 5.0.7
-
SCO VOL.000.000 for SCOSA-2005.22
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.22
SCO Unixware 7.1.4
-
SCO erg712629c.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.2
References
SCO UnixWare/OpenServer Unspecified CHRoot Breakout Vulnerability
References:
References: