source: wwwsecurityfocuscom/bid/850/info
Certain versions of SCO's Unixware (only version 71 was tested) ship with a series of package install/removal utilities which due to design issues under the SCO UnixWare operating system may read any file on the system regardless of their permission set This is due to the package commands (pkginf ...
source: wwwsecurityfocuscom/bid/853/info
It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the ability read /etc/shadow When the oversized buffer data i ...
source: wwwsecurityfocuscom/bid/853/info
It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the ability read /etc/shadow When the oversized buffer data ...