SCO scosession Local Command Line Buffer Overflow Vulnerability

Bugtraq ID:	12372
Class:	Boundary Condition Error
CVE:	CVE-2003-1021
Remote:	No
Local:	Yes
Published:	Jan 26 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	SCO Open Server 5.0.7 SCO Open Server 5.0.6 a SCO Open Server 5.0.6 SCO Open Server 5.0.5 SCO Open Server 5.0.4 SCO Open Server 5.0.3 SCO Open Server 5.0.2 SCO Open Server 5.0.1 SCO Open Server 5.0
Not Vulnerable:

SCO scosession Local Command Line Buffer Overflow Vulnerability

A local buffer overflow vulnerability affects SCO scosession. This issue is due to a failure of the application to properly validate user-supplied input strings prior to copying them to finite process buffers.

A local attacker may leverage this issue to execute arbitrary code with the privileges of the superuser, facilitating privilege escalation.

SCO scosession Local Command Line Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

SCO scosession Local Command Line Buffer Overflow Vulnerability

Solution:
SCO has made an advisory available dealing with this issue. Please see the referenced advisory for more information.

SCO scosession Local Command Line Buffer Overflow Vulnerability

References: