{"title": "SCO OpenServer recon First Argument Local Overflow", "published": "2001-03-27T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "cvelist": ["CVE-2001-0577"], "viewCount": 0, "affectedSoftware": [{"version": "5.0.6", "name": "OpenServer", "operator": "eq"}], "hash": "09b3570cd0771e3f2ed11f7d22149e0867dc8148a844513997dd4accaf9c0bc6", "id": "OSVDB:7647", "modified": "2001-03-27T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:7647", "hashmap": [{"hash": "385000859d56cf0ce141bf9d66da543b", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "602f9bceb6f020acdfd08121d721f97d", "key": "cvelist"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "bc0e398622aa3e649dace74fa93fdb9d", "key": "description"}, {"hash": "272a5b3ab85c7f653a2647be39ba1bc7", "key": "href"}, {"hash": "05bfca0d2e10fe86c85bf2fbd3007831", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "05bfca0d2e10fe86c85bf2fbd3007831", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5dc8825c36833e72faaa7fddae7ff3da", "key": "reporter"}, {"hash": "af822751cab313bf3a13c01008ace74e", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in OpenServer. The recon command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 1315 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.\n## Short Description\nA local overflow exists in OpenServer. The recon command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 1315 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/SSE/sse072c/sse072c.ltr)\nSecurity Tracker: 1001180\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=98575462712005&w=2\nISS X-Force ID: 6289\n[CVE-2001-0577](https://vulners.com/cve/CVE-2001-0577)\nBugtraq ID: 2560\n", "bulletinFamily": "software", "reporter": "KF(dotslash@snosoft.com)", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 7.2}, "lastseen": "2017-04-28T13:20:02"}

{"cve": [{"lastseen": "2017-12-19T12:21:02", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/6289", "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html", "http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html"], "description": "recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.", "edition": 2, "reporter": "NVD", "published": "2001-08-22T00:00:00", "title": "CVE-2001-0577", "type": "cve", "enchantments": {"score": {"modified": "2017-12-19T12:21:02", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2001-0577"], "scanner": [], "modified": "2017-12-18T21:29:22", "cpe": ["cpe:/o:sco:openserver:5.0.6"], "id": "CVE-2001-0577", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0577", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T14:54:41", "osvdbidlist": ["7647"], "references": [], "edition": 1, "description": "SCO Open Server 5.0.6 recon Buffer Overflow Vulnerability. CVE-2001-0577. Dos exploit for sco platform", "reporter": "Secure Network Operations", "published": "2001-03-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "SCO Open Server 5.0.6 recon Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2001-0577"], "modified": "2001-03-27T00:00:00", "id": "EDB-ID:20742", "href": "https://www.exploit-db.com/exploits/20742/", "sourceData": "source: http://www.securityfocus.com/bid/2560/info\r\n\r\nSCO OpenServer 5.0.6 (and possibly earlier versions) ships with a suid 'bin' executable called 'recon'.\r\n\r\n'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive applications.\r\n\r\n'recon' contains a locally exploitable buffer overflow condition present in the handling of command-line parameters.\r\n\r\nIf properly exploited, this can yield user 'bin' privileges to the attacker. \r\n\r\n/opt/K/SCO/Unix/5.0.6Ga/usr/bin/recon `perl -e 'print \"A\" x 3000'`\r\n\r\nMemory fault - core dumped ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/20742/"}]}