SCO OpenServer Termsh HOME Environment Variable Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 13065 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0351 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 07 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | This issue was reported by the vendor. |
| Vulnerable: | SCO Open Server 5.0.7, SCO Open Server 5.0.6 |
| Not Vulnerable: | |
Discussion
The SCO OpenServer termsh application is affected by a local buffer overflow vulnerability.
An attacker can supply an excessively long string through the HOME environment variable to overflow a fixed-size destination buffer.
A successful attack may allow the attacker to gain elevated privileges in the context of the application. Note that the application is installed setgid auth.
SCO OpenServer 5.0.6 and 5.0.7 are affected by this issue.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
SCO has released advisory SCOSA-2005.15 to address this issue. Please see the referenced advisory for more information.
SCO Open Server 5.0.6
- SCO oss646c.txt
  ftp://ftp.sco.com/pub/openserver5/oss646c/oss646c.txt
- SCO SCOSA-2005.15
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15
SCO Open Server 5.0.7
- SCO SCOSA-2005.15
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15