Sco Security Vulnerabilities

CVE-1999-0368

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVE-1999-0411

Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access.

CVE-1999-0476

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.

CVE-1999-0693

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

CVE-1999-0697

SCO Doctor allows local users to gain root privileges through a Tools option.

CVE-1999-0825

The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.

CVE-1999-0828

UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.

CVE-1999-0830

Buffer overflow in SCO UnixWare Xsco command via a long argument.

CVE-1999-0835

Denial of service in BIND named via malformed SIG records.

CVE-1999-0845

Buffer overflow in SCO su program allows local users to gain root access via a long username.

CVE-1999-0851

Denial of service in BIND named via naptr.

CVE-1999-0864

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

CVE-1999-0866

Buffer overflow in UnixWare xauto program allows local users to gain root privilege.

CVE-1999-0893

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

CVE-1999-0942

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

CVE-1999-0979

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

CVE-1999-0988

UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.

CVE-1999-1450

Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.

CVE-1999-1571

Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570.

CVE-2000-0003

Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

CVE-2000-0026

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

CVE-2000-0029

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

CVE-2000-0099

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

CVE-2000-0130

Buffer overflow in SCO scohelp program allows remote attackers to execute commands.

CVE-2000-0147

snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.

CVE-2000-0154

The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.

CVE-2000-0158

Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.

CVE-2000-0173

Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.

CVE-2000-0215

Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.

CVE-2000-0224

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.

CVE-2000-0306

Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.

CVE-2000-0307

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

CVE-2000-0308

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

CVE-2000-0348

A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

CVE-2000-0349

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

CVE-2000-0351

Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.

CVE-2000-0842

The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

CVE-2000-1014

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

CVE-2001-0575

Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.

CVE-2001-0576

lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.

CVE-2001-0577

recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.

CVE-2001-0578

Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.

CVE-2001-0579

lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.

CVE-2001-0587

deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

CVE-2001-0588

sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

CVE-2001-0627

vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.

CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

CVE-2001-0896

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.

CVE-2001-1148

Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.

CVE-2001-1508

Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.