vendor:
Open Server
by:
glitch of litecrew
7.5
CVSS
HIGH
Buffer Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: Open Server
Affected Version From: 2.1.4-R3
Affected Version To: 2.1.4-R3
Patch Exists: YES
Related CWE: N/A
CPE: o:sco:openserver_5.0.6
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
1999
Buffer Overflow in SCO Open Server POP Server
A buffer overflow exists in the pop server shipped with Santa Cruz Operation, Inc's (SCO) Open Server. By presenting a buffer of sufficient length to the pop server, an attacker can overwrite the return address on the stack, and execute arbitrary code upon a return. SCO's pop server is based on Qualcomm's pop daemon, and this vulnerability is similar to others present in Qualcomm's server.
Mitigation:
The vendor has released a patch to address this vulnerability.