VULHUB ™

The XBase package that ships with SCO OpenServer 5.0.* is vulnerable to several buffer overflow attacks in many different XBase tools. The tools that are installed setuid root allow local users to gain superuser privileges. This is because they contain buffers which they copy data into assuming that the length is not exceeded. The vulnerabilities in the XBase package will let a local user trivially execute arbitrary code as root (if the binary exploited it setuid root) and compromise the security of entire system.

The XBase package that ships with SCO OpenServer 5.0.* is vulnerable to several buffer overflow attacks in many different XBase tools. The tools that are installed setuid root allow local users to gain superuser privileges. This is because they contain buffers which they copy data into assuming that the length is not exceeded. The vulnerabilities in the XBase package will let a local user trivially execute arbitrary code as root (if the binary exploited it setuid root) and compromise the security of entire system.