Caldera OpenServer dlv_audit Local Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Caldera OpenServer dlv_audit Local Buffer Overflow Vulnerability

OpenServer is a commercial UNIX Operating System originally developed by SCO. It is maintained by Caldera. OpenServer includes support for a comprehensive audit system.

A vulnerability has been reported in some versions of OpenServer. The dlvr_audit program contains an exploitable buffer overflow. dlvr_audit is used to deliver audit records to the OpenServer audit subsystem. dlvr_audit runs suid root by default.