iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
Secunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Secunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious people to cause a DoS (Denial of Service) on active TCP sessions.
iDEFENSE Security Advisory 12.12.05 - Local exploitation of a buffer overflow vulnerability in the uidadmin binary included in multiple versions of The SCO Group Inc.'s Unixware allows attackers to gain root privileges. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
SCO Security Advisory - Cross-site scripting vulnerability in docview (htdig) under UnixWare 7.1.3 and UnixWare 7.1.4 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in the ppp binary, as included in multiple versions of The SCO Group Inc.'s Unixware, allows attackers to gain root privileges.
SCO Security Advisory - iDEFENSE has identified a buffer overflow vulnerability in the SCO Unixware ppp prompt. Local exploitation of a buffer overflow vulnerability in the ppp binary allows attackers to gain root privileges.
Secunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - SCO has issued an update for UnixWare. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) on an active TCP session.
Secunia Security Advisory - SCO has acknowledged some vulnerabilities in zlib included with UnixWare. These can be exploited by malicious, local users to cause a DoS (Denial of Service), or by malicious people to cause a DoS or potentially compromise a vulnerable system.
Secunia Security Advisory - UnixWare has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause files to be unpacked to arbitrary locations on a user's system.
Secunia Security Advisory - Yun Jonglim has reported a vulnerability in UnixWare, which can be exploited by malicious people to cause a DoS (Denial of Service).
When the UnixWare 7.x version of the RPC portmapper (rpcbind) receives an invalid portmap request, it falls into a denial of service state and cannot respond.
Secunia Security Advisory - Unixware has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - SCO has acknowledged a vulnerability in UnixWare, which can be exploited by malicious people to compromise a vulnerable system.
SCO Security Advisory - A vulnerability has been reported in UnixWare, which potentially can be exploited by malicious, local users to hijack local sockets.
SCO UnixWare mountd suffers from a denial of service vulnerability. Versions 7.1.4, 7.1.3, 7.1.1, and 7.0.1 are affected.