header-logo
Suggest Exploit
vendor:
OpenServer
by:
SecurityFocus
7.2
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: OpenServer
Affected Version From: OpenServer
Affected Version To: OpenServer
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2002

Heap Overflow in OpenServer

When Xsco is executed, and an excessively long argument is supplied to the -co flag, a heap overflow occurs. This problem could allow a local user to supply a maliciously formatted string with the -co option that could result in the execution of arbitrary code, and elevated privileges.

Mitigation:

Upgrade to the latest version of OpenServer
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4985/info

OpenServer is commercial Unix operating system originally developed by SCO, and distributed by Caldera.

It may be possible for a local user to gain elevated privileges. When Xsco is executed, and an excessively long argument is supplied to the -co flag, a heap overflow occurs. This problem could allow a local user to supply a maliciously formatted string with the -co option that could result in the execution of arbitrary code, and elevated privileges.

./Xsco :1 -co `perl -e 'print "A" x 9000'`

Navigation

Suggest Exploit

Services By CQR