[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues Advisory number: SCOSA-2004.7 Issue date: 2004 July 14 Cross reference: sr884728 fz528322 erg712434 CAN-2004-0510 CAN-2004-0511...

CVE-2003-0872

Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files...

CVE-2003-0872

The CVE-2003-0872 issue affects OpenServer prior to version 5.0.6. The vulnerability arises from insecure handling of temporary files in several OpenServer scripts, enabling local users to overwrite files via a symlink attack on /tmp and perform other unauthorized activities. According to the CVE...

CVE-2003-0872

Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files...

Symlink problems in OpenServer

Multiple scripts create files in /tmp in insecure way...

OpenServer 5.0.5 : Insecure creation of files in /tmp

To: [email protected] [email protected] [email protected] etsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.5 : Insecure creation of files in /tmp Advisory number: CSSA-2003-SCO.27 Issue date: 2003 October 20 Cross...

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco

To: [email protected] [email protected] [email protected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco Advisory number: CSSA-2003-SCO.26...

SCO OpenServer Multiple Local Privilege Escalation Vulnerabilities

According to its telnet banner, the remote host is a SCO Unix server running OpenServer version 5.0.5, 5.0.6, or 5.0.7. Such versions are vulnerable to two distinct exploits. Namely, - Xsco can be locally exploited by any valid user in order to escalate their privileges to 'root'. The bug is due ...

TEXONET-20030902.txt

----------------------------------------------------------------------- Texonet Security Advisory 20030902 ----------------------------------------------------------------------- Advisory ID : TEXONET-20030902 Authors : Joel Soderberg and Christer Oberg Issue date : Tuesday, September 02, 2003...

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : SCO Internet Manager - local users can gain root level privileges.

To: [email protected] [email protected] [email protected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : SCO Internet Manager - local users can gain root level privileges. Advisory...

SCO OpenServer 5.0.x - mana REMOTE_ADDR Authentication Bypass

SCO OpenServer 5.0.x - mana REMOTEADDR Authentication Bypass !/bin/sh source: https://www.securityfocus.com/bid/8616/info It has been reported that SCO OpenServer Internet Manager 'mana' process is prone to an authentication bypass issue. The issue is reported to occur as a local user is able to...

SCO OpenServer 5.0.x - mana PATH_INFO Privilege Escalation

SCO OpenServer 5.0.x - mana PATHINFO Privilege Escalation source: https://www.securityfocus.com/bid/8618/info It has been reported that SCO OpenServer Inertnet Manager 'mana' process is prone to a privilege escalation issue allow local users to execute arbitrary code with elevated privileges. man...

SCO OpenServer 5.0.x - 'mana' PATH_INFO Privilege Escalation

source: https://www.securityfocus.com/bid/8618/info It has been reported that SCO OpenServer Inertnet Manager 'mana' process is prone to a privilege escalation issue allow local users to execute arbitrary code with elevated privileges. mana normally requires authentication, but this may be...

SCO OpenServer 5.0.x - 'mana' 'REMOTE_ADDR' Authentication Bypass

!/bin/sh source: https://www.securityfocus.com/bid/8616/info It has been reported that SCO OpenServer Internet Manager 'mana' process is prone to an authentication bypass issue. The issue is reported to occur as a local user is able to export the REMOTEADDR environment variable and set its value ...

CVE-2003-0658

The CVE-2003-0658 issue affects Docview prior to 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, and OpenServer 5.0.7, where Apache is misconfigured to allow remote attackers to read arbitrary publicly readable files via a specific URL (likely related to rewrite rules). The PT security document...

CVE-2002-0716

CVE-2002-0716 describes a format string vulnerability in the crontab component of SCO OpenServer 5.0.5 and 5.0.6 . The issue arises from format string specifiers in the file name argument , allowing local users to gain privileges . The vulnerability is tied to the crontab handling of a file name ...

CVE-2002-0887

CVE-2002-0887 affects scoadmin on Caldera/SCO OpenServer 5.0.5 and 5.0.6. The vulnerability is a symlink attack on temporary files (demonstrated via log files) that allows local users to overwrite arbitrary files, indicating a local access requirement and partial integrity impact. The NVD CVSS me...

CVE-2002-0442

Buffer overflow in dlvraudit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges...

CVE-2002-0716

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument...

CVE-2002-0887

scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files...