CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SCO : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-6559 20 1 +Priv 2009-03-30 2009-03-31
7.2
Admin Local Low Not required Complete Complete Complete
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.
2 CVE-2008-6558 20 1 +Priv 2009-03-30 2009-07-24
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.
3 CVE-2008-1343 22 +Priv Dir. Trav. 2008-03-17 2008-09-05
4.9
None Local Low Not required None Complete None
Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
4 CVE-2006-4655 Overflow +Priv 2006-09-08 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
5 CVE-2005-2934 +Priv 2005-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.
6 CVE-2003-1021 +Priv 2005-01-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
7 CVE-2003-0597 +Priv 2003-08-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
8 CVE-2002-0716 +Priv 2002-07-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
9 CVE-2001-1148 Overflow +Priv 2001-06-13 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
10 CVE-2001-0588 Overflow +Priv 2001-08-22 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
11 CVE-2001-0587 Overflow +Priv 2001-08-22 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
12 CVE-2001-0579 Overflow +Priv 2001-08-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
13 CVE-2001-0578 Overflow +Priv 2001-08-22 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
14 CVE-2001-0577 Overflow +Priv 2001-08-22 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
15 CVE-2001-0576 Overflow +Priv 2001-08-22 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
16 CVE-2001-0575 Overflow +Priv 2001-08-22 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
17 CVE-2000-0348 +Priv 2001-03-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.
18 CVE-2000-0308 +Priv 2001-03-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.
19 CVE-2000-0224 +Priv 2000-02-15 2008-09-10
1.2
None Local High Not required None Partial None
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
20 CVE-2000-0215 +Priv 2000-02-08 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.
21 CVE-2000-0158 Overflow +Priv 2000-02-16 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.
22 CVE-2000-0099 Overflow +Priv 2000-01-18 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
23 CVE-2000-0029 +Priv 1999-12-27 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.
24 CVE-2000-0003 Overflow +Priv 1999-12-30 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
25 CVE-1999-1571 Overflow +Priv 1999-11-04 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570.
26 CVE-1999-1450 +Priv 1999-01-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.
27 CVE-1999-1253 +Priv 1996-06-07 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
28 CVE-1999-1252 +Priv 1996-09-04 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.
29 CVE-1999-1209 +Priv 1997-11-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
30 CVE-1999-1185 Overflow +Priv 1998-10-06 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
31 CVE-1999-0979 +Priv 2000-04-11 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
32 CVE-1999-0942 +Priv 1999-10-04 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
33 CVE-1999-0866 Overflow +Priv 1999-12-03 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
34 CVE-1999-0697 +Priv 1999-09-09 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
SCO Doctor allows local users to gain root privileges through a Tools option.
35 CVE-1999-0693 Overflow +Priv 2000-03-02 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
36 CVE-1999-0023 Overflow +Priv 1996-07-24 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.