OpenServer calserver
Created 2/22/01
CVE 2000-0306
Impact
A remote attacker could gain root access by exploiting a buffer
overflow condition in the SCO OpenServer calserver service.
Background
The SCO OpenServer operating system comes with a calendar
service called calserver.
The Problem
A buffer overflow in calserver could allow an attacker to
execute arbitrary commands with root privileges.
If calserver is running in local mode, the
vulnerability could only be exploited by a user on the local
machine, leading to a privilege-elevation attack. If calserver
is running in remote mode, the vulnerability could be exploited
remotely, leading to remote root access.
OpenServer 5.04 and earlier could be affected by this vulnerability
if unpatched.
Resolution
Upgrade to the latest version of OpenServer or install SCO patch
SSE019.
Where can I read more about this?
This vulnerability was reported in SCO Security Bulletin 99.02.