Caldera OpenUnix and UnixWare /usr/X/bin/Xsco fails to drop privileges
openunix-unixware-xsco-privileges (9976): High Risk
Caldera OpenUnix could allow a local attacker to gain elevated privileges on the system, caused by a privilege dropping vulnerability in the X server (Xsco). The X server fails to properly drop privileges prior to calling external programs, such as xkbcomp.
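The hardening pattern the description points to, dropping privileges before an external helper is run, as an added example (not code from Xsco or from the SCO patch). It assumes a set-uid root program on a POSIX system; `drop_privileges` and `run_helper_unprivileged` are hypothetical names, and fork/execve with a fixed environment stands in for popen.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges (assumes set-uid root). */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: after the uid is dropped, setgid() may be refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Confirm the drop took effect and cannot be reversed. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run a helper by absolute path as the real user with a fixed environment.
 * Returns its exit status (126: drop failed, 127: exec failed), -1 on error. */
int run_helper_unprivileged(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                      /* child: never returns */
        if (drop_privileges() != 0)
            _exit(126);                  /* refuse to run the helper privileged */
        execve(path, argv, clean_env);   /* no shell, no inherited environment */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "id", NULL };  /* constructed sample helper */
    return run_helper_unprivileged("/bin/sh", argv) == 0 ? 0 : 1;
}
```

The child exits with 126 rather than running the helper if the drop cannot be confirmed, so a failed setuid() never results in a privileged helper.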
Apply the erg711819b patch, as listed in SCO Security Advisory CSSA-2002-SCO.38. See References.
- Caldera International, Inc. Security Advisory CSSA-2002-SCO.38: Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and buffer overflow.
- BID-5575: Caldera X Server External Program Privileged Invocation Weakness
- CVE-2002-0987: X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.
- OSVDB ID: 5044: OpenUNIX Xsco xkbcomp Unspecified Privilege Escalation
- SCO Caldera OpenUnix 8.0.0
- SCO Caldera UnixWare 7.1.1
Aug 26, 2002