Test ID:	11895
Category:	General
Title:	SCO OpenServer multiple vulnerabilities
Summary:	Checks the remote SCO OpenServer
Description:	OpenServer 5.0.7, OpenServer 5.0.6, and OpenServer 5.0.5 are vulnerable to two (2) distinct exploits. Namely, 1) Xsco can be locally exploited by any valid user in order to escalate their privileges to 'root'. The bug is due to improper input handling when running the command line switch '-co'. 2) There is a vulnerability in the MIT-SHM extension within all X servers that are running as root. Any user with local X access can exploit the MIT-SHM extension and gain read/write access to any shared memory segment on the system. *** This plugin relied on the banner of the remote system *** to determine that it is a SCO Unix server, so this alert *** might be a false positive More information can be found at: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0158 http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0164 http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2 http://www.securityfocus.com/bid/4396 Solution: Install the patched binaries from ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.26 Risk factor : High
Cross-Ref:	BugTraq ID: 4396 BugTraq ID: 4985 Common Vulnerability Exposure (CVE) ID: CVE-2002-0164 Caldera Security Advisory: CSSA-2002-009.0 http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html Caldera Security Advisory: CSSA-2002-SCO.14 ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt Debian Security Information: DSA-380 (Google Search) http://www.debian.org/security/2003/dsa-380 http://www.redhat.com/support/errata/RHSA-2003-067.html SGI Security Advisory: 20021001-01-P ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P Conectiva Linux advisory: CLSA-2002:529 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529 Bugtraq: 20021024 GLSA: xfree (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1 XForce ISS Database: xfree86-mitshm-memory-access(8706) http://xforce.iss.net/xforce/xfdb/8706 http://www.securityfocus.com/bid/4396 Common Vulnerability Exposure (CVE) ID: CVE-2002-0158 Bugtraq: 20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html BugTraq ID: 4408 http://www.securityfocus.com/bid/4408 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:33 XForce ISS Database: solaris-xsun-co-bo(8703) http://xforce.iss.net/xforce/xfdb/8703
Copyright	This script is Copyright (C) 2003 Tenable Network Security

This is only one of 23219 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: