CVE-2008-0310
Summary
| CVE | CVE-2008-0310 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-04-07 17:44:00 UTC |
| Updated | 2017-09-29 01:30:00 UTC |
| Description | Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SCOSA-2008.1 | SCO | ftp.sco.com | |
| SCO UnixWare "pkgadd" Directory Traversal Privilege Escalation - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| UnXis, Inc. | Support | Update | Download | Release | CONFIRM | www.sco.com | Patch, Vendor Advisory |
| 20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability | IDEFENSE | labs.idefense.com | |
| SCO UnixWare pkgadd Directory Traversal Bug Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Local Privilege Escalation - SCO local Exploit | EXPLOIT-DB | www.exploit-db.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.