PT-2001-2289 · Sco · Sco Openserver

Published: 2001-06-13 · Updated: 2017-07-11 · CVE-2001-1148

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SCO OpenServer version 5.0.6a and earlier

Description

Multiple buffer overflows exist in programs used by scoadmin and sysadmsh. A local user can trigger these overflows and gain privileges by setting a long TERM environment variable. The affected programs include atcronsh, auditsh, authsh, backupsh, lpsh, sysadm.menu, and termsh.

Recommendations

For SCO OpenServer version 5.0.6a and earlier, consider restricting access to the affected programs until a patch is available. As a temporary workaround, avoid using a long TERM environment variable in the affected programs. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix


Related identifiers

CVE-2001-1148

Affected products

Sco Openserver