CERT-In Vulnerability Note
SCO OpenServer authsh and backupsh buffer overflow vulnerability
Original Issue Date: October 28, 2005
Severity Rating: MEDIUM
SCO OpenServer 5.0.7 and earlier
A buffer overflow vulnerability has been reported in the authsh and backupsh utilities of SCO OpenServer, which could be used by local users to gain root privileges on the system.
The binary utilities authsh and backupsh are distributed with the SCO OpenServer platform. Both are vulnerable to a stack-based buffer overflow because no bounds checking is performed on the value given to the "HOME" environment variable.
Local users could exploit this vulnerability by supplying a specially crafted string to overflow a stack buffer and execute arbitrary code with group auth privileges (authsh) or with group backup privileges (backupsh).
- Remove the setgid bit from the authsh binary
# chmod g-s /opt/K/SCO/Unix/5.0.7Hw/usr/lib/sysadm/authsh
- Remove the setgid bit from the backupsh binary
# chmod g-s /opt/K/SCO/Unix/5.0.7Hw/usr/lib/sysadm/backupsh
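An added example (not part of the CERT-In note or of SCO's tooling): a shell script that reports whether the setgid bit is set on the two binaries named above and, when run with `--apply`, clears it and verifies the result. The function names and the `--apply` switch are assumptions of this example; the paths are the ones given in the note.

```shell
#!/bin/sh
# Added example. Paths come from the note; function names and --apply are assumptions.
AUTHSH=/opt/K/SCO/Unix/5.0.7Hw/usr/lib/sysadm/authsh
BACKUPSH=/opt/K/SCO/Unix/5.0.7Hw/usr/lib/sysadm/backupsh

# Print "missing", "setgid" or "clean" for one file.
setgid_state() {
    if [ ! -f "$1" ]; then
        echo missing
    elif [ -g "$1" ]; then
        echo setgid
    else
        echo clean
    fi
}

# Clear the setgid bit on one file and confirm it is gone.
# Returns 0 if the file ends up without the bit (or is absent), 1 otherwise.
clear_setgid() {
    state=`setgid_state "$1"`
    case $state in
        missing) echo "skip   $1 (not present)"; return 0 ;;
        clean)   echo "ok     $1 (setgid not set)"; return 0 ;;
    esac
    ls -l "$1"                 # record owner, group and mode before the change
    chmod g-s "$1" || return 1
    state=`setgid_state "$1"`
    if [ "$state" = clean ]; then
        echo "fixed  $1"
        return 0
    fi
    echo "FAILED $1 (setgid still set)" >&2
    return 1
}

# Apply the workaround to every path given; non-zero if any file failed.
apply_workaround() {
    rc=0
    for f in "$@"; do
        clear_setgid "$f" || rc=1
    done
    return $rc
}

# Default: report only. Pass --apply (as root) to change the binaries.
case "${1:-}" in
    --apply) apply_workaround "$AUTHSH" "$BACKUPSH" ;;
    *) for f in "$AUTHSH" "$BACKUPSH"; do s=`setgid_state "$f"`; echo "$s $f"; done ;;
esac
```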
Update to the latest version
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003