SCO OpenServer Atcronsh HOME Environment Variable Buffer Overflow Vulnerability
BID:13064
Info
| Bugtraq ID: | 13064 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0351 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 07 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | This issue was reported by the vendor. |
| Vulnerable: | SCO Open Server 5.0.7; SCO Open Server 5.0.6 |
| Not Vulnerable: | |
Discussion
The SCO OpenServer atcronsh application is affected by a local buffer overflow vulnerability.
An attacker can supply an excessively long string through the HOME environment variable to overflow a fixed-size destination buffer.
A successful attack may allow the attacker to gain elevated privileges in the context of the application. Note that the application is installed setgid cron.
SCO OpenServer 5.0.6 and 5.0.7 are affected by this issue.
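The overflow class described above, as an added example (not atcronsh source, which this page does not show): the unchecked copy pattern appears in a comment beside a bounded handling of the HOME value that rejects oversized input instead of truncating it. `PATH_BUF`, `build_home_path` and the `.profile` leaf name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256 /* assumed size; the advisory does not give the real one */

/*
 * Unsafe pattern of the class described above (illustrative, not atcronsh source):
 *     char buf[PATH_BUF];
 *     strcpy(buf, getenv("HOME"));   (length never checked, NULL not handled)
 */

/*
 * Hypothetical helper: write "<home>/<leaf>" into out[outsz].
 * home is the untrusted value of $HOME. Returns 0 on success, -1 when home
 * is missing, not an absolute path, or the result would not fit in out.
 */
int build_home_path(const char *home, const char *leaf, char *out, size_t outsz)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || leaf == NULL || home[0] != '/')
        return -1;
    /* snprintf never writes past outsz and reports the length it needed */
    n = snprintf(out, outsz, "%s/%s", home, leaf);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';   /* reject instead of using a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];

    /* ".profile" is a constructed leaf name for the demonstration */
    if (build_home_path(getenv("HOME"), ".profile", path, sizeof path) != 0) {
        fprintf(stderr, "HOME unset, relative or too long; refusing to continue\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```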
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
SCO has released advisory SCOSA-2005.15 to address this issue. Please see the referenced advisory for more information.
SCO Open Server 5.0.6
- SCO oss646c.txt: ftp://ftp.sco.com/pub/openserver5/oss646c/oss646c.txt
- SCO SCOSA-2005.15: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15
SCO Open Server 5.0.7
- SCO SCOSA-2005.15: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15