ScoCVEs & Vulnerabilities
129 CVEs affecting Sco products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file.
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
DNS cache poisoning via BIND, by predictable query IDs.
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
Command execution in Sun systems via buffer overflow in the at program.
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
Sendmail decode alias can be used to overwrite sensitive files.
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
Delete or create a file via rpc.statd, due to invalid information.
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access.
Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.
Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.
Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.