SCO OpenServer lpforms First Argument Local Overflow

2001-03-27T00:00:00
ID OSVDB:7646
Type osvdb
Reporter KF(dotslash@snosoft.com)
Modified 2001-03-27T00:00:00

Description

Vulnerability Description

A local overflow exists in OpenServer. The lpforms command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 6240 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.

Short Description

A local overflow exists in OpenServer. The lpforms command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 6240 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1001179 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=98576624201006&w=2 ISS X-Force ID: 6293 CVE-2001-0578 Bugtraq ID: 2554