CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SCO : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-1432 2011-03-16 2011-03-17
6.8
None Remote Medium Not required Partial Partial Partial
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
2 CVE-2009-1552 DoS 2009-05-06 2009-05-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7.1.4 Maintenance Pack 4 allows attackers to cause a denial of service (system panic) via unspecified vectors.
3 CVE-2008-6559 20 1 +Priv 2009-03-30 2009-03-31
7.2
Admin Local Low Not required Complete Complete Complete
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.
4 CVE-2008-6558 20 1 +Priv 2009-03-30 2009-07-24
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.
5 CVE-2008-1343 22 +Priv Dir. Trav. 2008-03-17 2008-09-05
4.9
None Local Low Not required None Complete None
Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
6 CVE-2008-0310 22 1 Dir. Trav. 2008-04-07 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
7 CVE-2006-4655 Overflow +Priv 2006-09-08 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
8 CVE-2006-0072 Exec Code Overflow 2006-01-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.
9 CVE-2005-3903 Exec Code Overflow 2005-12-14 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063.
10 CVE-2005-3625 399 DoS 2005-12-31 2010-10-18
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
11 CVE-2005-3624 189 Overflow 2005-12-31 2010-11-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
12 CVE-2005-2934 +Priv 2005-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.
13 CVE-2005-2927 Exec Code Overflow 2005-10-25 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.
14 CVE-2005-2926 Exec Code Overflow 2005-10-25 2008-10-24
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.
15 CVE-2005-2132 DoS 2005-08-03 2008-09-05
2.1
None Local Low Not required None None Partial
RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.
16 CVE-2005-0993 Exec Code Overflow 2005-05-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument.
17 CVE-2005-0351 119 Exec Code Overflow 2005-04-07 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable.
18 CVE-2005-0134 2005-05-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.
19 CVE-2005-0109 +Info 2005-03-05 2010-08-21
7.2
None Local Low Not required Complete Complete Complete
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
20 CVE-2004-1307 Exec Code Overflow 2004-12-21 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
21 CVE-2004-1131 Exec Code Overflow 2005-02-07 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments.
22 CVE-2004-1124 2004-01-14 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities.
23 CVE-2004-1082 2004-02-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
24 CVE-2004-1039 DoS 2005-01-11 2008-09-05
5.0
None Remote Low Not required None None Partial
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.
25 CVE-2004-0996 2005-01-10 2008-09-05
2.1
None Local Low Not required None Partial None
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
26 CVE-2004-0512 DoS 2004-12-23 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.
27 CVE-2004-0511 DoS 2004-12-23 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
28 CVE-2004-0510 Exec Code Overflow 2004-12-23 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
29 CVE-2004-0390 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.
30 CVE-2004-0112 DoS 2004-11-23 2010-08-21
5.0
None Remote Low Not required None None Partial
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
31 CVE-2004-0081 DoS 2004-11-23 2010-08-21
5.0
None Remote Low Not required None None Partial
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
32 CVE-2004-0079 DoS 2004-11-23 2010-08-21
5.0
None Remote Low Not required None None Partial
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
33 CVE-2003-1021 +Priv 2005-01-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
34 CVE-2003-0937 Bypass 2003-12-15 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
35 CVE-2003-0914 2003-12-15 2008-09-10
4.3
None Remote Medium Not required None Partial None
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
36 CVE-2003-0872 2003-11-17 2008-09-05
2.1
None Local Low Not required None Partial None
Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.
37 CVE-2003-0834 Exec Code Overflow 2003-12-01 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
38 CVE-2003-0791 2003-10-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
39 CVE-2003-0742 2003-10-06 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
40 CVE-2003-0658 2003-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
41 CVE-2003-0597 +Priv 2003-08-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
42 CVE-2003-0282 Dir. Trav. 2003-06-16 2008-09-10
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
43 CVE-2002-1998 Exec Code Overflow 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21).
44 CVE-2002-1323 2002-12-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
45 CVE-2002-1199 Dir. Trav. 2002-10-28 2008-09-10
5.0
None Remote Low Not required Partial None None
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
46 CVE-2002-0716 +Priv 2002-07-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
47 CVE-2001-1579 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
48 CVE-2001-1578 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.
49 CVE-2001-1508 Exec Code Overflow 2001-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.
50 CVE-2001-1148 Overflow +Priv 2001-06-13 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
Total number of vulnerabilities : 127   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.