Info

Disclosure

Jul 29, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenServer contains a flaw in the in the /usr/bin/uudecode binary which does not verify if it is writing to a file, a symlink, or an open pipe. This flaw may allow a local attacker to overwrite arbitrary files through symbolic links, resulting in a loss of data integrity

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenServer has released a patch to address this vulnerability.

Products

SCO Group, Inc.	OpenServer	5.0.6
		5.0.7

References

Secunia Advisory ID: 12187
CVE ID: 2002-0178 (see also: NVD)
Bugtraq ID: 4742
ISS X-Force ID: 9075
Other Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.12

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8274

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

SCO Group, Inc.

OpenServer

References

Credit