SCO OpenServer Multiple Local Privilege Escalation Vulnerabilities

high Nessus Plugin ID 11895

Language:

Synopsis

The remote server is affected by multiple local privilege escalation vulnerabilities.

Description

According to its telnet banner, the remote host is a SCO Unix server running OpenServer version 5.0.5, 5.0.6, or 5.0.7. Such versions are vulnerable to two distinct exploits. Namely,

- Xsco can be locally exploited by any valid user in order to escalate their privileges to 'root'. The bug is due to improper input handling when running the command line switch '-co'.

- There is a vulnerability in the MIT-SHM extension within all X servers that are running as root. Any user with local X access can exploit the MIT-SHM extension and gain read/write access to any shared memory segment on the system.

Solution

Install the patched binaries referenced in the vendor's advisory.

See Also

https://marc.info/?l=bugtraq&m=103547625009363&w=2

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26

https://marc.info/?l=bugtraq&m=101776858410652&w=2

Plugin Details

Severity: High

ID: 11895

File Name: openserver_overflows.nasl

Version: 1.21

Type: remote

Family: Misc.

Published: 10/16/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/15/2002

Reference Information

CVE: CVE-2002-0158, CVE-2002-0164

BID: 4396, 4985