22 matches found
SCO Unixware 7.1 i2odialogd Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/876/info UnixWare is a variant of the Unix operating system originally written by SCO, and distributed and maintained by Caldera. i20dialogd is a daemon which provides a front-end for controlling the i20 subsystem. It is...
SCO Unixware 7.1/7.1.1 ARCserver /tmp symlink Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/988/info A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed...
SCO Unixware 7.0/7.0.1/7.1/7.1.1 'coredump' Symlink Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/851/info Under certain versions of SCO UnixWare if a user can force a program with SGID Set Group ID to dump core they may launch a symlink attack by guessing the PID Process ID of the SGID process which they are calling...
SCO Unixware 7.1 'pkg' commands Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/850/info Certain versions of SCO's Unixware only version 7.1 was tested ship with a series of package install/removal utilities which due to design issues under the SCO UnixWare operating system may read any file on the...
SCO Unixware 7.1 pkgcat Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in...
SCO Unixware 7.1 pkginstall Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in...
Netscape FastTrack Server 2.0.1 a GET Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/908/info The version of Netscape FastTrack server that ships with UnixWare 7.1 is vulnerable to a remote buffer overlow. By default, the httpd listens on port 457 of the UnixWare host and serves documentation via http. If...
CVE-2000-0173
Vulnerability in the EELS system on SCO UnixWare 7.1.x enables remote attackers to cause a denial of service. The provided documents identify the affected product (UnixWare 7.1.x, EELS component) and the impact (remote DoS) but do not specify the underlying root cause, vulnerable function/file, o...
CVE-2000-0173
Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service...
fastrack.remote.txt
Greetings, OVERVIEW A vulnerability in Netscape FastTrack 2.01a will allow any remote user to execute commands as the user running the httpd daemon probably nobody. This service is running by default on a standard UnixWare 7.1 installation. BACKGROUND I've only tested the version of Netscape...
Netscape FastTrack Server 2.0.1a - GET Buffer Overflow
Netscape FastTrack Server 2.0.1a - GET Buffer Overflow // source: https://www.securityfocus.com/bid/908/info The version of Netscape FastTrack server that ships with UnixWare 7.1 is vulnerable to a remote buffer overlow. By default, the httpd listens on port 457 of the UnixWare host and serves...
Netscape FastTrack Server 2.0.1a - GET Buffer Overflow
// source: https://www.securityfocus.com/bid/908/info The version of Netscape FastTrack server that ships with UnixWare 7.1 is vulnerable to a remote buffer overlow. By default, the httpd listens on port 457 of the UnixWare host and serves documentation via http. If you pass the server a GET...
unixware.netstation.txt
Greetings, OVERVIEW A vulnerability in IBM's Network Station Manager will allow any local user to gain root privileges. BACKGROUND Though I only tested NetStation on UnixWare 7.1, I would imagine that this vulnerability is present on most NetStation implementations. This daemon is installed/runni...
unixware7.mail.txt
Greetings, OVERVIEW Any user can read/modify others' mail. BACKGROUND Only UnixWare 7.1 was tested. DETAILS Imagine my suprise when I saw that /var/mail was mode 777. As such, any user may create a file called /var/mail/ with a mode readable by him and trap all incoming mail. Afraid of getting...
unixware.pkg.txt
Greetings, OVERVIEW Any user may read any file on the system. BACKGROUND Only UnixWare 7.1 has been tested. DETAILS As previously stated, UnixWare binaries gain additional privileges via standard suid/sgid AND /etc/security/tcb/privs. The majority of the UnixWare "pkg" command, such as pkginfo,...
SCO Unixware 7.1 pkgcat - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the...
SCO Unixware 7.1 pkginstall - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the...
unixware.chown.txt
Greetings, OVERVIEW Any user can change the owner of any file he or she owns. BACKGROUND All my testing was done on UnixWare 7.1, however chances are excellent that this problem exists for all versions of UnixWare. DETAILS This hole is, erm, different. Apparently any user can change the ownership...
SCO Unixware 7.1 - varmail Permissions
SCO Unixware 7.1 - varmail Permissions source: https://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare only 7.1 was tested ship with the /var/mail/ directory with permission 777-rwxrwxrwx . This in effect allows malicious users to read incoming mail for users who do not yet...
SCO Unixware 7.1 - 'pkg' Local Privilege Escalation
source: https://www.securityfocus.com/bid/850/info Certain versions of SCO's Unixware only version 7.1 was tested ship with a series of package install/removal utilities which due to design issues under the SCO UnixWare operating system may read any file on the system regardless of their permissi...