PT-2002-2719 · Sco · Open Unix+1
Published
2002-12-31
·
Updated
2008-09-05
·
CVE-2002-1998
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SCO UnixWare version 7.1.1
Open UNIX version 8.0.0
Description
The issue is related to a buffer overflow in the rpc.cmsd service. It allows remote attackers to execute arbitrary commands by providing a long parameter to the
rtable create procedure, specifically procedure 21.Recommendations
For SCO UnixWare version 7.1.1, consider disabling the rpc.cmsd service until a patch is available.
For Open UNIX version 8.0.0, restrict access to the rpc.cmsd service to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Open Unix
Sco Unixware