The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openserver | Sco | 5.0 (including) | 5.0 (including) |
| Openserver | Sco | 5.0.1 (including) | 5.0.1 (including) |
| Openserver | Sco | 5.0.2 (including) | 5.0.2 (including) |
| Openserver | Sco | 5.0.3 (including) | 5.0.3 (including) |
| Openserver | Sco | 5.0.4 (including) | 5.0.4 (including) |
| Openserver | Sco | 5.0.5 (including) | 5.0.5 (including) |
| Openserver | Sco | 5.0.6 (including) | 5.0.6 (including) |
| Openserver | Sco | 5.0.6a (including) | 5.0.6a (including) |
| Openserver | Sco | 5.0.7 (including) | 5.0.7 (including) |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt
- http://secunia.com/advisories/14012/
- http://www.kb.cert.org/vuls/id/972598
- http://www.securityfocus.com/bid/12372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19479
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt
- http://secunia.com/advisories/14012/
- http://www.kb.cert.org/vuls/id/972598
- http://www.securityfocus.com/bid/12372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19479