{"vuid":"VU#972598","idnumber":"972598","name":"SCO OpenServer vulnerable to privilege escalation in 'scosession' argument handling","keywords":["SCO OpenServer","privilege escalation","scosession"],"overview":"A vulnerability in a program supplied with the SCO OpenServer operating system may allow local attackers to gain elevated privileges.","clean_desc":"SCO OpenServer is a UNIX-like operating system for Intel and AMD platforms. The 'scosession' session handling component, which is responsible for starting and stopping X server sessions, contains a flaw in the handling of command-line arguments which may allow a local authenticated attacker to gain elevated privileges. This applies to SCO OpenServer 5.0.6 and 5.0.7.","impact":"Local authenticated users may gain elevated privileges on affected platforms.","resolution":"Apply an update\nUpdates for SCO OpenServer 5.0.6 and 5.0.7 are available at this time. More information can be found in SCO Security Advisory SCOSA-2005.5.","workarounds":"","sysaffected":"","thanks":"Thanks to SCO Security for reporting this vulnerability, who in turn credit Joel Soderberg and Christer Oberg of Deprotect with the discovery.","author":"This document was written by Ken MacInnis.","public":["ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt","http://secunia.com/advisories/14012/"],"cveids":["CVE-2003-1021"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-28T16:20:41Z","publicdate":"2005-01-25T00:00:00Z","datefirstpublished":"2005-02-21T21:25:06Z","dateupdated":"2005-02-21T21:25:11Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"18","cam_easeofexploitation":"8","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.29","cam_scorecurrentwidelyknown":"9.315","cam_scorecurrentwidelyknownexploited":"17.415","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.29,"vulnote":null}