iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
6eaaa424b75ac17dcb4ec8cdd9b4609599cfbdd9bbe9aea98a0e116202a59614Secunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
e42ea000ff7162d71b8e3708f5795db69b824c5443f9fa2613caf9907ba7ccb0Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
6cda0a49500a9a6297a838d0bb6f347a2a1857f1f1255ba8263ff1a53bdd19c3Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
0c7021635a0c2cc47be8758fd56fdeb7c33cac289d853d193f4cb38cdfb4f1fcSecunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious people to cause a DoS (Denial of Service) on active TCP sessions.
bee2811e9eab1566b8c613bad8b6fbe274c00aebe6185e8d1c1997d01fd417a3iDEFENSE Security Advisory 12.12.05 - Local exploitation of a buffer overflow vulnerability in the uidadmin binary included in multiple versions of The SCO Group Inc.'s Unixware allows attackers to gain root privileges. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
81d6f5c861aa58608e968aa8e634230e92cf48aa302927c34830e5e2ebeef582SCO Security Advisory - Cross-site scripting vulnerability in docview (htdig) under UnixWare 7.1.3 and UnixWare 7.1.4 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
8948f1f7a616d3f968054e459f46c68794386b15c994b4b12f89f92fd3ea5f4aSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
c3847b96379983d0f3f4c0a1a649e54a5d96e8ea9930b2222a45f39f34176b70iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in the ppp binary, as included in multiple versions of The SCO Group Inc.'s Unixware, allows attackers to gain root privileges.
9b7b97200e4750b2274b1b81babc045334523a9e5e30d75d95f0457665a531e2SCO Security Advisory - iDEFENSE has identified a Buffer Overflow vulnerability in SCO Unixware ppp prompt. Local exploitation of a buffer overflow vulnerability in the ppp binary, allows attackers to gain root privileges.
52844b9a3101e4ce8cadab981c41468ce7e578544ae531927abae4e4d937634bSecunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
dcdea9d8708264a03b8bb3f178432541923b679eb3bf19a68b86467aeacad870Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
4233294c6ee45f649135d7b635aa0d7ef91520b39c076a4ccdb29e51f29034fdSecunia Security Advisory - SCO has issued an update for UnixWare. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) on an active TCP session.
b83b72088a738c39fa2c6fa52148b4999c66a8ce1513dbdac22be778283fdba1Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
353814e8aa9c797c80d6d97d711344c29f8dad56ab9af3cfbd9f2836fed3588aSecunia Security Advisory - SCO has acknowledged some vulnerabilities in zlib included with UnixWare. These can be exploited by malicious, local users to cause a DoS (Denial of Service), or by malicious people to cause a DoS or potentially compromise a vulnerable system.
5d9169432768fdf09f644a7fbc42aadb7855e6a17159283927e6f1eb9f96678cSecunia Security Advisory - UnixWare has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause files to be unpacked to arbitrary locations on a user's system.
c2186bdb301a33b59cc911d06667f632d520652a4b0de29839a1031062906c75Secunia Security Advisory - Yun Jonglim has reported a vulnerability in UnixWare, which can be exploited by malicious people to cause a DoS (Denial of Service).
0f07b51b103ff9ef10c0fbe1da4f791a4bb774da3895e301057ad6a51ae1d019When the UnixWare 7.x version of the RPC portmapper (rpcbind) receives an invalid portmap request, it falls into a denial of service state and cannot respond.
8807b2907f72caa93595e16a3af544c8a1a1d674b4ca5df6487e048bed5f118bSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
95771c01b986f36b5fc1d7d8c43de9b4baa24471d2e0c879d4381d8c680f1670Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5fd1ea6804f7289d380a3ed5189d08a61e03bcff759648804d8ddcdf558e1d5aSecunia Security Advisory - Unixware has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
ca7123ba0d173808e31ef5c7d0e94b819224307de4b2b3a1b7b6486e37836c45Secunia Security Advisory - SCO has acknowledged a vulnerability in UnixWare, which can be exploited by malicious people to compromise a vulnerable system.
81b3b1e0952580ca80d2a52edd8595ae38efa25b74d2b0057ec8cbaab7c0cbf4Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
6562f374bb4320f0d58eed75a8bffb9139db8ef97bb941f041f7b91aa8cd191cSCO Security Advisory - A vulnerability has been reported in UnixWare, which potentially can be exploited by malicious, local users to hijack local sockets.
31041ff5b45862c00e151b4e8be11d37a1e651ff64039f9ef1d718e496f98f69SCO UnixWare mountd suffers from a denial of service vulnerability. Versions 7.1.4, 7.1.3, 7.1.1, and 7.0.1 are affected.
2abd68286135616dddfa95724b7ef045c27b565df8b1b2e6c23e36686593305e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed