Summary
Detail | | | |
---|---|---|---|
Vendor | Sco | First view | 1993-09-17 |
Product | Openserver | Last view | 2006-01-03 |
Version | | Type | Os |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.5 | 2006-01-03 | CVE-2006-0072 | Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
4.6 | 2005-10-25 | CVE-2005-2926 | Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable. |
4.6 | 2005-05-02 | CVE-2005-0993 | Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. |
4.6 | 2005-04-07 | CVE-2005-0351 | Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO OpenServer 5.0.6 and 5.0.7 might allow local users to execute arbitrary code via a long HOME environment variable. |
5.6 | 2005-03-05 | CVE-2005-0109 | Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. |
7.2 | 2005-02-07 | CVE-2004-1131 | Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. |
5 | 2005-01-11 | CVE-2004-1039 | The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request. |
7.5 | 2004-12-31 | CVE-2004-0390 | SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods. |
2.1 | 2004-12-23 | CVE-2004-0512 | Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump. |
2.1 | 2004-12-23 | CVE-2004-0511 | Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference. |
7.2 | 2004-12-23 | CVE-2004-0510 | Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program. |
5 | 2004-11-23 | CVE-2004-0112 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. |
5 | 2004-11-23 | CVE-2004-0081 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. |
7.5 | 2004-11-23 | CVE-2004-0079 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. |
7.5 | 2004-02-03 | CVE-2004-1082 | mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. |
4.6 | 2004-01-14 | CVE-2004-1124 | Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. |
2.1 | 2003-11-17 | CVE-2003-0872 | Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files. |
9.8 | 2003-10-07 | CVE-2003-0791 | The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. |
7.2 | 2003-10-06 | CVE-2003-0742 | SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program. |
7.2 | 2003-08-27 | CVE-2003-0597 | Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. |
5 | 2002-10-28 | CVE-2002-1199 | The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. |
7.2 | 2002-07-26 | CVE-2002-0716 | Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (2) | CWE-399 | Resource Management Errors |
25% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12% (1) | CWE-502 | Deserialization of Untrusted Data |
12% (1) | CWE-476 | NULL Pointer Dereference |
12% (1) | CWE-189 | Numeric Errors |
12% (1) | CWE-125 | Out-of-bounds Read |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-219 | XML Routing Detour Attacks |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:5833 | Security vulnerability in the BIND executable |
oval:org.mitre.oval:def:5966 | Security vulnerability in the BIND executable |
oval:org.mitre.oval:def:2025 | System V login Buffer Overflow |
oval:org.mitre.oval:def:2423 | ypxfrd File Disclosure Vulnerability |
oval:org.mitre.oval:def:9779 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to... |
oval:org.mitre.oval:def:975 | Red Hat OpenSSL do_change_cipher_spec Function Denial of Service |
oval:org.mitre.oval:def:870 | Red Hat Enterprise 3 OpenSSL do_change_cipher_spec Function Denial of Service |
oval:org.mitre.oval:def:5770 | Multiple Vendor OpenSSL 0.9.6x, 0.9.7x Null-Pointer DoS Vulnerability |
oval:org.mitre.oval:def:2621 | OpenSSL Denial of Service Vulnerabilities |
oval:org.mitre.oval:def:902 | Red Hat OpenSSL Improper Unknown Message Handling Vulnerability |
oval:org.mitre.oval:def:871 | Red Hat Enterprise 3 OpenSSL Improper Unknown Message Handling Vulnerability |
oval:org.mitre.oval:def:11755 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, w... |
oval:org.mitre.oval:def:9580 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when usin... |
oval:org.mitre.oval:def:928 | Red Hat Enterprise 3 OpenSSL Kerberos Handshake Vulnerability |
oval:org.mitre.oval:def:1049 | Red Hat OpenSSL Kerberos Handshake Vulnerability |
oval:org.mitre.oval:def:9747 | Hyper-Threading technology, as used in FreeBSD and other operating systems th... |
oval:org.mitre.oval:def:9437 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf... |
oval:org.mitre.oval:def:9575 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
oval:org.mitre.oval:def:9992 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
SAINT Exploits
Description |
---|
System V login argument array buffer overflow |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
67346 | Multiple Unix Vendor rpc.pcnfsd pr_init() Symlink Arbitrary File Permission M... |
59341 | Multiple Unix bootpd hwinfolist Table htype Handling Overflow |
59264 | Microsoft Windows Crafted Fragmented Packet Stream Remote DoS (Jolt) |
34751 | ISC BIND Malformed SIG Record Remote DoS |
34750 | ISC BIND Malformed NAPTR Record Local DoS |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
22217 | SCO OpenServer termsh -o Parameter Local Overflow |
20154 | SCO OpenServer authsh Local Overflow |
20153 | SCO OpenServer backupsh Local Overflow |
19398 | SCO OpenServer Unspecified Local System Modification |
16440 | Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Informati... |
15360 | SCO OpenServer atcronsh HOME Environment Variable Local Overflow |
15359 | SCO OpenServer termsh HOME Environment Variable Local Overflow |
15358 | SCO OpenServer auditsh HOME Environment Variable Local Overflow |
15274 | SCO OpenServer nwprint Command Line Local Overflow |
14507 | Multiple Vendor ypxfrd getdbm Procedure Arbitrary File Access |
13618 | SCO OpenServer enable Local Overflow |
13057 | SCO UnixWare Chroot Unspecified Escape |
12866 | SCO UnixWare mountd Multiple Process Creation DoS |
12176 | mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay |
11734 | Multiple Unix rpc.statd Arbitrary File Creation/Deletion |
11665 | SCO OpenServer /usr/lib/cleantmp Symlink Arbitrary File Overwrite |
11664 | SCO OpenServer /etc/rpcinit Symlink Arbitrary File Overwrite |
ExploitDB Exploits
id | Description |
---|---|
21180 | Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability |
716 | Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC) |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX01019 File : nvt/gb_hp_ux_HPSBUX01019.nasl |
2009-05-05 | Name : HP-UX Update for AAA Server HPSBUX01011 File : nvt/gb_hp_ux_HPSBUX01011.nasl |
2008-10-24 | Name : SysV /bin/login buffer overflow (telnet) File : nvt/binlogin_overflow_telnet.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-03 (OpenSSL) File : nvt/glsa_200403_03.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-04:05.openssl.asc) File : nvt/freebsdsa_openssl1.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:09.htt.asc) File : nvt/freebsdsa_htt.nasl |
2008-09-04 | Name : FreeBSD Ports: openssl, openssl-beta File : nvt/freebsd_openssl.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 937-1 (tetex-bin) File : nvt/deb_937_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 465-1 (openssl,openssl094,openssl095) File : nvt/deb_465_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 931-1 (xpdf) File : nvt/deb_931_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 932-1 (xpdf) File : nvt/deb_932_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 962-1 (pdftohtml) File : nvt/deb_962_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 961-1 (pdfkit.framework) File : nvt/deb_961_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 950-1 (cupsys) File : nvt/deb_950_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 940-1 (gpdf) File : nvt/deb_940_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 938-1 (koffice) File : nvt/deb_938_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 936-1 (libextractor) File : nvt/deb_936_1.nasl |
2005-11-03 | Name : Sendmail Local Starvation and Overflow File : nvt/sendmail_875_bo.nasl |
2005-11-03 | Name : Sendmail Group Permissions Vulnerability File : nvt/sendmail_forword_include.nasl |
2005-11-03 | Name : WS FTP server FTP bounce attack and PASV connection hijacking flaw File : nvt/wsftp_classic_flaws.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-09 xpdf File : nvt/esoft_slk_ssa_2006_045_09.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-04 kdegraphics File : nvt/esoft_slk_ssa_2006_045_04.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | vrfy decode RuleID : 672-community - Type : SERVER-MAIL - Revision : 17 |
2014-01-10 | vrfy decode RuleID : 672 - Type : SERVER-MAIL - Revision : 17 |
2014-01-10 | Sendmail expn decode RuleID : 659-community - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | Sendmail expn decode RuleID : 659 - Type : SERVER-MAIL - Revision : 18 |
2014-01-10 | portmap pcnfsd request UDP RuleID : 581-community - Type : PROTOCOL-RPC - Revision : 18 |
2014-01-10 | portmap pcnfsd request UDP RuleID : 581 - Type : PROTOCOL-RPC - Revision : 18 |
2014-01-10 | EXPLOIT x86 linux overflow RuleID : 352 - Type : FTP - Revision : 8 |
2014-01-10 | EXPLOIT x86 linux overflow RuleID : 351 - Type : FTP - Revision : 9 |
2014-01-10 | EXPLOIT x86 linux overflow RuleID : 350 - Type : FTP - Revision : 9 |
2014-01-10 | EXPLOIT MKD overflow RuleID : 349 - Type : FTP - Revision : 9 |
2014-01-10 | PORT bounce attempt RuleID : 3441-community - Type : PROTOCOL-FTP - Revision : 13 |
2014-01-10 | PORT bounce attempt RuleID : 3441 - Type : PROTOCOL-FTP - Revision : 13 |
2014-01-10 | login buffer non-evasive overflow attempt RuleID : 3274-community - Type : PROTOCOL-TELNET - Revision : 14 |
2014-01-10 | login buffer non-evasive overflow attempt RuleID : 3274 - Type : PROTOCOL-TELNET - Revision : 14 |
2014-01-10 | bootp x86 linux overflow RuleID : 319 - Type : EXPLOIT - Revision : 7 |
2014-01-10 | login buffer overflow attempt RuleID : 3147-community - Type : PROTOCOL-TELNET - Revision : 15 |
2014-01-10 | login buffer overflow attempt RuleID : 3147 - Type : PROTOCOL-TELNET - Revision : 15 |
2014-01-10 | SCO calserver overflow RuleID : 304-community - Type : SERVER-OTHER - Revision : 12 |
2014-01-10 | SCO calserver overflow RuleID : 304 - Type : SERVER-OTHER - Revision : 12 |
2014-01-10 | Jolt attack RuleID : 268 - Type : DOS - Revision : 7 |
2014-01-10 | bootp invalid hardware type RuleID : 1940-community - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | bootp invalid hardware type RuleID : 1940 - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | bootp hardware address length overflow RuleID : 1939-community - Type : SERVER-OTHER - Revision : 10 |
2014-01-10 | bootp hardware address length overflow RuleID : 1939 - Type : SERVER-OTHER - Revision : 10 |
2014-01-10 | dns cache poisoning attempt RuleID : 13667 - Type : PROTOCOL-DNS - Revision : 19 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-01-04 | Name: The remote server is vulnerable to a denial of service attack. File: openssl_0_9_6m_0_9_7d.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_68233cba777411d889ed0020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-868.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0160.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2006-0163.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2005-840.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2005-830.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-800.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-476.nasl - Type: ACT_GATHER_INFO |
2006-02-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-045-04.nasl - Type: ACT_GATHER_INFO |
2006-02-15 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2006-045-09.nasl - Type: ACT_GATHER_INFO |
2006-02-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200601-17.nasl - Type: ACT_GATHER_INFO |
2006-01-21 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-236-1.nasl - Type: ACT_GATHER_INFO |