PT-2001-2289 · SCO · SCO OpenServer

Published: 2001-06-13 · Updated: 2017-07-11 · CVE-2001-1148

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SCO OpenServer version 5.0.6a and earlier

Description

The issue concerns multiple buffer overflows in programs used by scoadmin and sysadmsh. These overflows can be triggered by local users, who can gain privileges by setting a long TERM environment variable. The affected programs include atcronsh, auditsh, authsh, backupsh, lpsh, sysadm.menu, and termsh.

Recommendations

For SCO OpenServer version 5.0.6a and earlier, consider restricting access to the affected programs until a patch is available. As a temporary workaround, avoid using a long TERM environment variable in the affected programs. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2001-1148

Affected Products

SCO OpenServer