UnixWare i2odialogd
CVE-2000-0026
Impact
A remote attacker could gain root access by exploiting a buffer
overflow condition in the SCO UnixWare i2odialogd service.
Background
The SCO UnixWare 7.1 operating system runs the i2odialogd service
by default. The service is an HTTP front end to the i2o subsystem.
In order to use the service, a user is required to supply
a password for authentication.
The Problem
Due to a buffer overflow condition in the processing of the
MIME-encoded username and password pair supplied by the client,
an attacker could execute arbitrary code on the system.
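The defensive counterpart of this bug class, as an added example (not SCO's code and not from the original advisory): a credential parser that decodes the encoded pair into fixed-size buffers and refuses anything that would not fit. It assumes the pair arrives as a base64 `user:password` token as in HTTP Basic authentication; `CRED_MAX`, `b64_val` and `parse_basic_credentials` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define CRED_MAX 64  /* assumed capacity of each credential buffer */

/* Map one base64 character to its 6-bit value, or -1 if it is not base64. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode a base64 "user:password" token into two fixed-size buffers.
 * Returns 0 on success, -1 on malformed input, -2 when the decoded data
 * would exceed a buffer. Every write is preceded by a length check. */
int parse_basic_credentials(const char *b64, char user[CRED_MAX], char pass[CRED_MAX]) {
    char raw[2 * CRED_MAX];               /* user + ':' + password + NUL */
    const char *colon;
    size_t len = strlen(b64), out = 0, i, ulen, plen;
    unsigned int acc = 0;
    int bits = 0;

    for (i = 0; i < len && b64[i] != '='; i++) {
        int v = b64_val((unsigned char)b64[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (out + 1 >= sizeof raw) return -2;   /* bound the decode itself */
            raw[out++] = (char)((acc >> bits) & 0xFF);
        }
    }
    /* Require exactly one separator region and no embedded NUL bytes. */
    colon = memchr(raw, ':', out);
    if (colon == NULL || memchr(raw, '\0', out) != NULL) return -1;
    ulen = (size_t)(colon - raw);
    plen = out - ulen - 1;
    /* Bound each field before copying; an unchecked copy here is the bug class. */
    if (ulen >= CRED_MAX || plen >= CRED_MAX) return -2;
    memcpy(user, raw, ulen);
    user[ulen] = '\0';
    memcpy(pass, colon + 1, plen);
    pass[plen] = '\0';
    return 0;
}
```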
Resolution
Disable the service or install SCO patch SSE054.
Where can I read more about this?
This vulnerability was posted to Bugtraq.