CVE-2002-0987

Description

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.

Affected products

• caldera / openunix8.0 – 8.0
• caldera / unixware7.1.1 – 7.1.1

References

• MISChttp://www.osvdb.org/5044
• MISCftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
• MISChttp://www.securityfocus.com/bid/5575
• MISChttp://www.iss.net/security_center/static/9976.php