CVE-2006-0072

SCO OpenServer 5.0.7 - Remote Code Execution via Long -o Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0072. PoCs published by prdelka.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in SCO Openserver 5.0.7's 'termsh' program via the '-o' command-line argument. It leverages shellcode execution to escalate privileges to the 'auth' group, potentially allowing local root compromise.

Description

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.

Exploits (1)

exploitdb WORKING POC VERIFIED
by prdelka · clocalsco
https://www.exploit-db.com/exploits/1402

This exploit targets a stack-based buffer overflow in SCO Openserver 5.0.7's 'termsh' program via the '-o' command-line argument. It leverages shellcode execution to escalate privileges to the 'auth' group, potentially allowing local root compromise.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: SCO Openserver 5.0.7 termsh
No auth needed
Prerequisites: Local access to SCO Openserver 5.0.7 · Presence of vulnerable 'termsh' binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16122
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/420677

Scores

EPSS 0.0478
EPSS Percentile 90.8%

Details

Status published
Products (9)
sco/openserver 5.0
sco/openserver 5.0.1
sco/openserver 5.0.2
sco/openserver 5.0.3
sco/openserver 5.0.4
sco/openserver 5.0.5
sco/openserver 5.0.6
sco/openserver 5.0.6a
sco/openserver 5.0.7
Published Jan 04, 2006
Tracked Since Feb 18, 2026