[原文]Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
SCO OpenServer atcronsh TERM Variable Local Overflow
Local Access Required
Loss of Integrity
A local overflow exists in SCO OpenServer. The 'atcronsh' program fails to validate the length of input to the TERM environment variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause an escalation of privileges resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.