Credit:
The information has been provided by iDEFENSE.
The original article can be found at: http://www.idefense.com/application/poi/display?id=350&type=vulnerabilities
Vulnerable Systems:
* SCO Unixware version 7.1.3
* SCO Unixware version 7.1.4
The vulnerability exists because uidadmin fails to check the length of user-specified file input. If a user prepares a file longer than 1,600 bytes and supplies the path to that file using the "-S" option of uidadmin, a stack-based buffer overflow occurs. This leads to the execution of arbitrary code with root privileges, as uidadmin is setuid root by default.
Successful exploitation of this vulnerability requires local access to the system. It allows the user to gain superuser privileges and execute arbitrary code.
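The missing check is a length bound on data read from the user-named file. The C code below is an added example, not code from uidadmin or from the iDEFENSE advisory; it shows a bounded read that rejects oversized input instead of writing past a fixed stack buffer. INPUT_CAP, read_bounded, demo_check and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity: the advisory gives only the 1,600-byte trigger length,
   not the real size of uidadmin's buffer. */
#define INPUT_CAP 1600

/* Read the whole file at `path` into buf (capacity `cap`, NUL-terminated).
   Returns the byte count, or -1 on open/read error or if the file is too long. */
long read_bounded(const char *path, char *buf, size_t cap)
{
    FILE *fp; size_t n; int extra;

    if (path == NULL || buf == NULL || cap == 0) return -1;
    fp = fopen(path, "rb");
    if (fp == NULL) return -1;
    n = fread(buf, 1, cap - 1, fp);      /* never writes beyond buf[cap - 2] */
    if (ferror(fp)) { fclose(fp); return -1; }
    extra = fgetc(fp);                   /* a remaining byte means oversized input */
    fclose(fp);
    if (extra != EOF) {
        memset(buf, 0, cap);             /* do not hand back a truncated record */
        return -1;
    }
    buf[n] = '\0';
    return (long)n;
}

/* Constructed demo: write `len` bytes of 'A' to a sample file, then read it back. */
long demo_check(size_t len)
{
    char buf[INPUT_CAP + 1];             /* fixed stack buffer, as in the bug class */
    const char *path = "sample_input.tmp";   /* constructed sample file name */
    FILE *fp = fopen(path, "wb");
    long r; size_t i;

    if (fp == NULL) return -2;
    for (i = 0; i < len; i++) fputc('A', fp);
    fclose(fp);
    r = read_bounded(path, buf, sizeof buf);
    remove(path);
    return r;
}

int main(void)
{
    printf("1600-byte file: %ld\n", demo_check(1600));
    printf("1601-byte file: %ld\n", demo_check(1601));
    return 0;
}
```

A setuid program would normally also open the user-supplied path with the invoking user's privileges rather than root's; that step is outside this example.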
Vendor Status:
The vendor has released the following update to address this vulnerability: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.54
CVE Information:
CVE-2005-3903
Disclosure Timeline:
10/12/2005 - Initial vendor notification
10/13/2005 - Initial vendor response
12/12/2005 - Coordinated public disclosure