X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unixware | Caldera | 7.1.1 (including) | 7.1.1 (including) |
References
- ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
- http://www.iss.net/security_center/static/9976.php
- http://www.osvdb.org/5044
- http://www.securityfocus.com/bid/5575
- ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
- http://www.iss.net/security_center/static/9976.php
- http://www.osvdb.org/5044
- http://www.securityfocus.com/bid/5575