Netscape FastTrack Server 2.0.1 a GET Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/908/info The version of Netscape FastTrack server that ships with UnixWare 7.1 is vulnerable to a remote buffer overlow. By default, the httpd listens on port 457 of the UnixWare host and serves documentation via http. If...

Caldera UnixWare 7.1.1 Message Catalog Environment Variable Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4060/info UnixWare is a commercially available Unix Operating System. It was originally developed by SCO, and is now distributed and maintained by Caldera. A format string vulnerability in the locale subsystem could lead ...

SCO Unixware 7.1 pkgcat Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in...

SCO Unixware 7.1 'pkg' commands Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/850/info Certain versions of SCO's Unixware only version 7.1 was tested ship with a series of package install/removal utilities which due to design issues under the SCO UnixWare operating system may read any file on the...

SCO Unixware 7.0/7.0.1/7.1/7.1.1 'xauto' Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/848/info Certain versions of SCO's UnixWare ship with a version of /usr/X/bin/xauto which is vulnerable to a buffer overflow attack which may result in an attacker gaining root privileges. This is exploitable to gain root...

Tridia DoubleVision 3.0 7.00 Local Root Compromise

No description provided by source. source: http://www.securityfocus.com/bid/1697/info A utility integral to Tridia DoubleVision for SCO UnixWare 7.x has been found to be vulnerable to a buffer overflow attack. dvtermtype, which is setuid root, is run by a user at login time to tell DoubleVision...

X11R6 <= 6.4 XKEYBOARD - Local Buffer Overflow Exploit (sco/x86)

No description provided by source. / X11R6 XKEYBOARD extension Strcmp for SCO UnixWare 7.1.3 x86 Copyright 2006 RISE Security [email protected], Ramon de Carvalho Valle [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

SCO Unixware 7.1 pkginstall Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in...

SCO Unixware 7.1/7.1.1 ARCserver /tmp symlink Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/988/info A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed...

SCO Unixware 7.0 xlock(1) (long username) Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/825/info Certain versions of Unixware ship with a version of xlock which is vulnerable to a buffer overflow attack. The xlock1 program locks the local X display until a username and password are entered. In this instance ...

Caldera UnixWare 7.1.1 WebTop SCOAdminReg.CGI Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does not properly validate user input when...

SCO Unixware 7.0/7.0.1/7.1 Xsco Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/824/info Under certain versions of Unixware, the SUID program Xsco is vulnerable to a buffer overflow attack. The problem lies in that Xsco does not sanity check user supplied data. // UnixWare7 /usr/X/bin/Xsco local,...

SCO Unixware 7.1 '/var/mail' permissions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare only 7.1 was tested ship with the /var/mail/ directory with permission 777-rwxrwxrwx . This in effect allows malicious users to read incoming mail for users who do not yet have ...

SCO Unixware 7.1 i2odialogd Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/876/info UnixWare is a variant of the Unix operating system originally written by SCO, and distributed and maintained by Caldera. i20dialogd is a daemon which provides a front-end for controlling the i20 subsystem. It is...

SCO Unixware 2.1/7.0/7.0.1/7.1/7.1.1 su(1) Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/826/info Certain versions of Unixware ship with a version of su1 which is vulnerable to a buffer overflow attack. This attack is possible because su1 fails to sanity check user supplied data, in this instance a username...

SCO Unixware 7.0/7.0.1/7.1/7.1.1 'coredump' Symlink Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/851/info Under certain versions of SCO UnixWare if a user can force a program with SGID Set Group ID to dump core they may launch a symlink attack by guessing the PID Process ID of the SGID process which they are calling...

SCO Unixware 7.0/7.0.1/7.1/7.1.1 Privileged Program Debugging Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/869/info Unixware's security model includes the concept of privileges. These can be assigned to processes and allow them to perform tasks that otherwise could only be performed by the root user. They allow programs to run...

Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3681/info The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions...

Solaris 2.x/7.0/8 Derived 'login' Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3681/info The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions...

Unixware 7.0 SCOhelp HTTP Server Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose...