Sco: >> Openserver >> 5.0.6 Security Vulnerabilities
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.
CVSS Score
7.5
EPSS Score
0.054
Published
2006-01-04
Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-10-25
Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-05-02
Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-04-07
Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-02-07
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-01-26
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-01-11
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.
CVSS Score
7.5
EPSS Score
0.034
Published
2004-12-31
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
CVSS Score
7.2
EPSS Score
0.005
Published
2004-12-23
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
CVSS Score
2.1
EPSS Score
0.019
Published
2004-12-23
Page 1