• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SCO OpenServer cancel Command Argument Buffer Overflow Vulnerability

SCO OpenServer 5.0.6 (and possibly earlier versions) ships with several suid 'bin' executables used in printer administration and related tasks.

This includes cancel, a component used to stop queued print requests.

'cancel' contains a confirmed locally exploitable buffer overflow condition present in the handling of command-line parameters.

If properly exploited, this can yield user 'bin' privileges to the attacker.