Vulnerability

    recon

Affected

    SCO OpenServer 5.0.6 upgrade from 5.0.x and 5.0.6 fresh install

Description

    The following is based on a Strategic Reconnaissance Team Security
    Advisory (SRT2001-02). SCO OpenServer 5.0.6 ships with a suid root
    /opt/K/SCO/Unix/5.0.6Ga/usr/bin/recon. Recon handles its command line
    arguments poorly, resulting in a buffer overflow. The process dumps
    core when recon is fed more than 1315 chars:

        /opt/K/SCO/Unix/5.0.6Ga/usr/bin/recon `perl -e 'print "A" x 3000'`
        Memory fault - core dumped

    This problem makes it possible to overwrite the memory space of the
    running process, and potentially to execute code with the inherited
    privileges of root. Credit goes to Kevin Finisterre.

Solution

    As a workaround:

        chmod -s /opt/K/SCO/Unix/5.0.6Ga/usr/bin/recon

    Patch:

        ftp://ftp.sco.com/SSE/sse072b.tar.Z
        ftp://ftp.sco.com/SSE/sse072b.tar.bz2
        ftp://ftp.sco.com/SSE/sse072b.ltr

    SSE072B supersedes SSE072
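
    The following is an added example, not part of the advisory or of SCO's
    patch: a POSIX sh check that the chmod -s workaround above has taken
    effect and that lists any setuid files still present under a directory.
    The function names are made up for this example; the recon path is the
    one given in the advisory.

```shell
#!/bin/sh
# Added example: verify the advisory's "chmod -s" workaround.
# RECON is the path from the advisory; function names are hypothetical.
RECON=/opt/K/SCO/Unix/5.0.6Ga/usr/bin/recon

# Print "missing", "suid" or "clear" for one path.
suid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then      # -u: set-user-ID bit is set
        echo suid
    else
        echo clear
    fi
}

# Apply the workaround only when needed, then re-check the result.
# Returns 0 if the file ends up without the setuid bit (or is absent).
apply_workaround() {
    case $(suid_state "$1") in
        missing|clear) return 0 ;;
    esac
    chmod -s "$1" || return 1
    [ "$(suid_state "$1")" = clear ]
}

# List every regular file under a directory that still has the setuid bit.
list_suid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# Report only; changing the mode is left to an explicit call.
echo "recon: $(suid_state "$RECON")"
```

    Call apply_workaround "$RECON" as root to clear the bit, and
    list_suid on the directory holding recon to review what else
    there remains setuid.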