Unixware

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

Published: 2006-09-09T00:00:00.000Z
Updated: 2024-08-07T19:23:40.015Z

Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063.

Published: 2005-12-14T11:00:00.000Z
Updated: 2024-08-07T23:31:47.862Z

Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.

Published: 2006-02-24T01:00:00.000Z
Updated: 2024-08-07T22:53:29.528Z

Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.

Published: 2005-10-25T04:00:00.000Z
Updated: 2024-08-07T22:53:29.778Z

The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.

Published: 2005-05-18T04:00:00.000Z
Updated: 2024-08-07T21:05:23.986Z

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Published: 2005-03-08T05:00:00.000Z
Updated: 2024-08-07T20:57:41.235Z

Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities.

Published: 2005-01-29T05:00:00.000Z
Updated: 2024-08-08T00:39:00.939Z

The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.

Published: 2005-01-19T05:00:00.000Z
Updated: 2024-08-08T00:39:00.543Z

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.654Z

SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.

Published: 2003-11-18T05:00:00.000Z
Updated: 2024-08-08T02:12:35.455Z

Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.

Published: 2003-11-06T05:00:00.000Z
Updated: 2024-08-08T02:05:12.580Z

Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.

Published: 2003-09-03T04:00:00.000Z
Updated: 2024-08-08T01:58:11.118Z

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Published: 2004-09-01T04:00:00.000Z
Updated: 2024-08-08T03:19:28.615Z