SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sco openserver 5.0.7 |
||
sco openserver 5.0.5 |
||
sco openserver 5.0.6 |