SCO OpenServer 5.0.5 'userOsa' ...

Published: 1999-10-11
Revised: 2025-04-13

Under certain versions of SCO OpenServer there exists a symlink vulnerability which can be exploited to overwrite any file which is group writable by the 'auth' group. The problem in particular is in the /etc/sysadm.d/bin/userOsa executable. When given garbage output the program will write out a debug log. However, the program does not check whether it is overwriting an existing file, nor whether it is following a symlink. It is therefore possible to overwrite, with debug data, files which are both in the 'auth' group and writable by that group. Both /etc/shadow and /etc/passwd fall into this category. If such an attack were launched against these files, the system would be rendered unusable.
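The missing checks described above, shown as an added example that is not code from userOsa or from this advisory: a debug-log writer that follows symlinks and truncates, beside a hardened one that refuses an existing name or a symlink. The file names, contents and the `demo` helper are constructed for illustration, and the code assumes a POSIX.1-2008 system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: follows symlinks and truncates whatever the path resolves to. */
static int write_log_unsafe(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened pattern: O_EXCL fails if the name already exists (file or symlink),
 * O_NOFOLLOW rejects a symlink as the final path component, mode is owner-only. */
static int write_log_safe(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario: the log name is a symlink to a protected file.
 * Returns the protected file's size after the log write is attempted. */
static long demo(int use_safe) {
    char dir[] = "/tmp/symlink_demo_XXXXXX";
    char target[128], lnk[128];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/debug.log", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("original data\n", f); fclose(f);          /* 14 bytes */
    if (symlink(target, lnk) != 0) return -1;
    (use_safe ? write_log_safe : write_log_unsafe)(lnk, "debug\n");
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld bytes, safe: %ld bytes\n", demo(0), demo(1));
    return 0;
}
```

`O_NOFOLLOW` only covers the last path component, so a privileged program should also write its logs in a directory that unprivileged users cannot modify.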

There is currently 1 exploit/PoC entry
There are currently 0 affected product entries