[原文]sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
SCO OpenServer MMDF sendmail First Argument Local Overflow
Local Access Required
Loss of Integrity
A local overflow exists in OpenServer. The sendmail command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.