CVE-2005-2927 - Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, a

CVE-2005-2927

Summary

Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.41/SCOSA-2005.41.txt
http://secunia.com/advisories/17275
http://securityreason.com/securityalert/101
http://securitytracker.com/id?1015098
http://www.idefense.com/application/poi/display?type=vulnerabilities
http://www.osvdb.org/20155
http://www.securityfocus.com/bid/15159

Vulnerable Configurations

cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*
cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*
cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 10-09-2008 - 19:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	15159
idefense	20051024 SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability
osvdb	20155
sco	SCOSA-2005.41
sectrack	1015098
secunia	17275
sreason	101

Last major update

10-09-2008 - 19:44

Published

25-10-2005 - 16:02

Last modified

10-09-2008 - 19:44