Openserver Sco Openserver

Do you want an email whenever new security vulnerabilities are reported in Sco Openserver?

By the Year

In 2022 there have been 0 vulnerabilities in Sco Openserver . Openserver did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Openserver vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sco Openserver Security Vulnerabilities

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake

CVE-2004-0079 - November 23, 2004

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which

CVE-2004-0081 - November 23, 2004

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake

CVE-2004-0112 - November 23, 2004

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

SCO Internet Manager (mana)

CVE-2003-0742 - October 06, 2003

SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.

userOsa in SCO OpenServer

CVE-1999-0893 - October 11, 1999

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack

CVE-1999-0411 - March 07, 1999

Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access.

A weak encryption algorithm is used for passwords in SCO TermVision

CVE-1999-0476 - March 01, 1999

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a

CVE-1999-0368 - February 09, 1999

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client

CVE-1999-0017 - December 10, 1997

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

DNS cache poisoning

CVE-1999-0024 - August 13, 1997

DNS cache poisoning via BIND, by predictable query IDs.

Command execution in Sun systems

CVE-1999-0033 - June 12, 1997

Command execution in Sun systems via buffer overflow in the at program.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

CVE-1999-0345 - January 01, 1997

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

Oversized ICMP ping packets

CVE-1999-0128 - December 18, 1996

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Sendmail allows local users to write to a file and gain group permissions

CVE-1999-0129 - December 03, 1996

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Local user gains root privileges

CVE-1999-0023 - July 24, 1996

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

pcnfsd (aka rpc.pcnfsd)

CVE-1999-0078 - April 18, 1996

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Hp Ux or by Sco? Click the Watch button to subscribe.

Sco
Vendor

subscribe