SCO OpenServer lpshut Buffer Overflow Vulnerability

SCO OpenServer lpshut Buffer Overflow Vulnerability

SCO OpenServer 5.0.6 (and possibly earlier versions) ships with several suid bin executables used in printer administration and related tasks.

This includes lpshut, a component used to shut down the LP print service. 'lpshut' contains a locally exploitable bufffer overflow due to a lack of bounds checking during operations performed on user-supplied data.

An attacker may exploit this vulnerability to execute arbitrary code with effective userid 'bin' privileges.