ID CVE-2004-0512
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:30:00
Description
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.
{"osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0512"], "edition": 1, "description": "## Vulnerability Description\nOpenServer contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified core dump vulnerability in the MMDF package is exploited, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.\n## Short Description\nOpenServer contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified core dump vulnerability in the MMDF package is exploited, and will result in loss of availability for the service.\n## References:\n[Secunia Advisory ID:12100](https://secuniaresearch.flexerasoftware.com/advisories/12100/)\n[Related OSVDB ID: 8095](https://vulners.com/osvdb/OSVDB:8095)\n[Related OSVDB ID: 8096](https://vulners.com/osvdb/OSVDB:8096)\nPacket Storm: http://packetstormsecurity.org/0407-advisories/SCOSA-2004.7.txt\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7/SCOSA-2004.7.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0762.html\nISS X-Force ID: 16740\n[CVE-2004-0512](https://vulners.com/cve/CVE-2004-0512)\nBugtraq ID: 10758\n", "modified": "2004-07-14T04:23:23", "published": "2004-07-14T04:23:23", "href": "https://vulners.com/osvdb/OSVDB:8097", "id": "OSVDB:8097", "type": "osvdb", "title": "SCO OpenServer MMDF Core Dumps DoS", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0511", "CVE-2004-0510", "CVE-2004-0512"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: 
SHA1\r\n\r\n\r\n______________________________________________________________________________\r\n\r\n SCO Security Advisory\r\n\r\nSubject: OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and\r\nother security issues\r\nAdvisory number: SCOSA-2004.7\r\nIssue date: 2004 July 14\r\nCross reference: sr884728 fz528322 erg712434 CAN-2004-0510 CAN-2004-0511 CAN-2004-0512\r\n______________________________________________________________________________\r\n\r\n\r\n1. Problem Description\r\n\r\n Deprotect discovered a buffer overflow in execmail. After reviewing \r\n our code we determined the whole MMDF package needed a security audit.\r\n\r\n Various buffer overflows and other security issues that affect all \r\n MMDF binaries have been corrected. \r\n\r\n All but one of the MMDF binaries that were setuid root are no \r\n longer setuid. \r\n\r\n Additional changes in this version of MMDF are documented at\r\n ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.html#rn507mp_mmdf\r\n and in the updated man pages which are included in SCOSA-2004.7\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned MMDF buffer overflows the name CAN-2004-0510.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned MMDF null dereferences the name CAN-2004-0511.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned MMDF core dumps the name CAN-2004-0512.\r\n\r\n2. Vulnerable Supported Versions\r\n\r\n System Binaries\r\n ----------------------------------------------------------------------\r\n OpenServer 5.0.6 MMDF Distribution\r\n OpenServer 5.0.7 MMDF Distribution\r\n\r\n3. Solution\r\n\r\n The proper solution is to install the latest packages.\r\n\r\n4. 
OpenServer 5.0.7\r\n\r\n 4.1 Location of Fixed Binaries\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7\r\n\r\n The fixes are also available in SCO OpenServer Release 5.0.7 \r\n Maintenance Pack 3 or later. See\r\n http://www.sco.com/support/update/download/osr507list.html.\r\n\r\n5. OpenServer 5.0.6 \r\n\r\n 5.1 Location of Fixed Binaries\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.7\r\n\r\n 5.2 Verification\r\n\r\n MD5 (VOL.000.000) = 7d079342022ff408e479184fab3ee86b\r\n\r\n md5 is available for download from\r\n ftp://ftp.sco.com/pub/security/tools\r\n\r\n 5.3 Installing Fixed Binaries\r\n\r\n Upgrade the affected binaries with the following sequence:\r\n\r\n 1) Download the VOL* files to a directory\r\n\r\n 2) Run the custom command, specify an install from media\r\n images, and specify the download directory as the location of\r\n the images.\r\n\r\n\r\n6. References\r\n\r\n Specific references for this advisory:\r\n http://www.deprotect.com/advisories/DEPROTECT-20040206.txt\r\n\r\n SCO security resources:\r\n http://www.sco.com/support/security/index.html\r\n\r\n SCO security advisories via email\r\n http://www.sco.com/support/forums/security.html\r\n\r\n This security fix closes SCO incidents sr884728 fz528322\r\n erg712434.\r\n\r\n\r\n7. Disclaimer\r\n\r\n SCO is not responsible for the misuse of any of the information\r\n we provide on this website and/or through our security\r\n advisories. Our advisories are a service to our customers\r\n intended to promote secure installation and use of SCO\r\n products.\r\n\r\n\r\n8. 
Acknowledgments\r\n\r\n SCO would like to thank Deprotect which describes itself \r\n as "a Swedish based security company divided into four \r\n divisions; Managed Security Services, Security Services, \r\n Products and Development and our Security Academy."\r\n\r\n______________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (SCO/UNIX_SVR5)\r\n\r\niD8DBQFA/BA7aqoBO7ipriERAlNkAJ4wc5INlU2E1vS0FvfHIBZBWVZncgCgguCU\r\n5eD+BJzK6BCNVJAbF1y1Jic=\r\n=yfK9\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "modified": "2004-07-20T00:00:00", "published": "2004-07-20T00:00:00", "id": "SECURITYVULNS:DOC:6516", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6516", "title": "[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}