Phase:Buffer overflow in SCO UnixWare Xsco command via a long argument.
ReferencesBUGTRAQ:Friday, November 26, 1999 [w00giving '99 #6]: UnixWare 7's Xsco
Votes:Proposed (Wednesday, December 08, 1999)
Comments: ACCEPT(3) Baker, Armstrong, Stracener | MODIFY(3) Prosser, Cole, Frech | REVIEWING(1) Christey
F7: Cole> This is BID 824 and the BUGTRAQ reference is 19991125. | Frech> XF:sco-unixware-xsco | Christey> Confirmed by vendor, albeit vaguely: | http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 | | Prosser> agree with Steve on vendor confirmation, however not sure the | fix ref'd in BID 824 (SSE041) is right. It lists fixes for libnsl and | tcpip.so, nothing about xsco. SSE050b | (ftp://ftp.sco.com/SSE/security_bulletins/SB-99.26b) fixes a buffer overflow | in xsco on OpenServer (the vendor message Steve refers to) but not the | UnixWare vulnerability reported on Bugtraq and in BID824. Anyone more | familar with SCO shed some light on this? Are they the same codebase so fix | would be same? From the SCO site it seems the UnixWare and OpenSever | products are similar but have differences. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> BID:824 | http://www.securityfocus.com/bid/824