• info
• discussion
• exploit
• solution
• references

SCO OpenServer sendmail Buffer Overflow Vulnerability

SCO OpenServer 5 ships with several suid 'root' executables used for email-related tasks.

This includes sendmail, a component used to deliver or forward email messages to recipients.

'sendmail' contains a confirmed locally exploitable buffer overflow condition present in the handling of command-line parameters.

If properly exploited, this can yield user root privileges to the attacker.