CVE-ID

CVE-2001-0575

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010727 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20020225-01)
Votes (Legacy)
ACCEPT(3) Baker, Frech, Williams
MODIFY(1) Bishop
NOOP(4) Cole, Foat, Wall, Ziese
Comments (Legacy)
 Bishop> recommend combining as stated in analysis
 Baker> http://support.caldera.com/caldera/solution?11=113723&130=0988647911&14=&2715=&15=&2716=&57=search&58=&2900=dckSSu3pru&25=6&3=SSE072B
   "What is SSE072B, the buffer overflow security patch for Openserver 5? (Ref. #113723)"
   Buffer overflows have been found in the following 19
   SCO OpenServer 5 utilities:
   
   /usr/bin/accept
   /usr/bin/cancel
   /usr/mmdf/bin/deliver
   /usr/bin/disable
   /usr/bin/enable
   /usr/lib/libcurses.a
   /usr/bin/lp
   /usr/lib/lpadmin
   /usr/lib/lpfilter
   /usr/lib/lpforms
   /usr/lib/lpmove
   /usr/lib/lpshut
   /usr/bin/lpstat
   /usr/lib/lpusers
   /usr/bin/recon
   /usr/bin/reject
   /usr/bin/rmail
   /usr/lib/sendmail
   /usr/bin/tput
   
   NOTE: the accept, reject, enable, and disable commands are
   symbolically linked to the same binary.
   
   Running any of the above utilities with a very large argument
   can result in a core dump.

Proposed (Legacy)
20010727
This is an entry on the CVE list, which standardizes names for security problems.