OSVDB ID: 8336

Title: SCO UnixWare Xsco Command Overflow

Dates

Disclosure: Nov 26, 1999
Discovery: Unknown
Exploit: Nov 26, 1999
Solution: Unknown

Description

A local overflow exists in SCO UnixWare. UnixWare fails to check the boundary of arguments supplied to the "Xsco" command, resulting in a buffer overflow. By passing an overly long argument (argv[1]) to Xsco, a local attacker can cause a buffer overflow and gain superuser privileges, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.

Products

Santa Cruz Operation, Inc.

SCO UnixWare

7.0
7.0.1
7.1

References

Credit

  • K2 - ktwoktwo.ca -


Direct URL: http://osvdb.org/8336