{"vuid":"VU#971179","idnumber":"971179","name":"UUCP package contains multiple buffer overflows via long string of characters sent as command line argument","keywords":["SCO","Caldera","UnixWare","uucp","buffer overflow","long string of characters","command line argument"],"overview":"Several Linux/Unix systems ship with a utility package called UUCP derived from System V. A buffer overflow in components of the UUCP package can allow an intruder to gain elevated privileges.","clean_desc":"Several Linux/Unix systems ship with a utility package called UUCP derived from System V. The UUCP package allows for the copying of files between different UNIX systems and the sending of commands for execution on a remote system. There is a buffer overflow in the components listed below that can allow a malicious user to gain elevated privileges. uucp\nuuxcmd\nuux\nuuxqt\nbnuconvert\nuucico\nuustat","impact":"An intruder can gain elevated privileges.","resolution":"Upgrade to the version of UUCP specified by your vendor.","workarounds":"","sysaffected":"","thanks":"This vulnerability was originally reported in a \nCaldera-SCO security advisory","author":"This document was written by Jason Rafail.","public":["http://www.securityfocus.com/bid/2946","ftp://ftp.sco.com/pub/security/unixware/sr847405/","ftp://ftp.sco.com/pub/security/unixware/sr847405/sr847405.txt"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-09-12T15:56:14Z","publicdate":"2001-06-27T00:00:00Z","datefirstpublished":"2001-07-27T19:48:30Z","dateupdated":"2001-10-31T14:39:50Z","revision":20,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"19","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"8.90625","cam_scorecurrentwidelyknown":"8.90625","cam_scorecurrentwidelyknownexploited":"16.03125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.90625,"vulnote":null}