header-logo
Suggest Exploit
vendor:
OpenServer 5.0.6
by:
SecurityFocus
8.3
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: OpenServer 5.0.6
Affected Version From: SCO OpenServer 5.0.6
Affected Version To: SCO OpenServer 5.0.6
Patch Exists: Yes
Related CWE: N/A
CPE: SCO:OpenServer_5.0.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Buffer Overflow in SCO OpenServer 5.0.6

SCO OpenServer 5.0.6 (and possibly earlier versions) ships with a suid 'bin' executable called 'recon'. 'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive applications. 'recon' contains a locally exploitable buffer overflow condition present in the handling of command-line parameters. If properly exploited, this can yield user 'bin' privileges to the attacker.

Mitigation:

Upgrade to a version of SCO OpenServer 5.0.6 that is not vulnerable to this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2560/info

SCO OpenServer 5.0.6 (and possibly earlier versions) ships with a suid 'bin' executable called 'recon'.

'recon' is used to buffer and forward escape sequences from a user's input to timing-sensitive applications.

'recon' contains a locally exploitable buffer overflow condition present in the handling of command-line parameters.

If properly exploited, this can yield user 'bin' privileges to the attacker. 

/opt/K/SCO/Unix/5.0.6Ga/usr/bin/recon `perl -e 'print "A" x 3000'`

Memory fault - core dumped