CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SCO » Openserver » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:sco:openserver:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-2926 Exec Code Overflow 2005-10-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.
2 CVE-2001-1148 Overflow +Priv 2001-06-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
3 CVE-2001-0579 Overflow +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
4 CVE-2001-0578 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
5 CVE-2001-0577 Overflow +Priv 2001-08-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
6 CVE-2001-0576 119 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
7 CVE-2000-0307 DoS 2001-03-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.
8 CVE-2000-0306 Overflow 2001-03-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.
9 CVE-1999-1450 +Priv 1999-01-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.
10 CVE-1999-1253 +Priv 1996-06-07 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
11 CVE-1999-0798 Overflow 1998-12-04 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
12 CVE-1999-0476 1999-03-01 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.
Total number of vulnerabilities : 12   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.