{"api_version":"1","generated_at":"2026-04-22T19:49:01+00:00","cve":"CVE-2008-0310","urls":{"html":"https://cve.report/CVE-2008-0310","api":"https://cve.report/api/cve/CVE-2008-0310.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0310","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0310"},"summary":{"title":"CVE-2008-0310","description":"Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via \"..\" sequences in an unspecified environment variable, probably PKGINST.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2008-04-07 17:44:00","updated_at":"2017-09-29 01:30:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt","name":"SCOSA-2008.1","refsource":"SCO","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29657","name":"29657","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SCO UnixWare \"pkgadd\" Directory Traversal Privilege Escalation - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.sco.com/support/update/download/release.php?rid=324","name":"http://www.sco.com/support/update/download/release.php?rid=324","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"UnXis, Inc. | Support | Update | Download | Release","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676","name":"20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability","refsource":"IDEFENSE","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019787","name":"1019787","refsource":"SECTRACK","tags":[],"title":"SCO UnixWare pkgadd Directory Traversal Bug Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41759","name":"sco-unixware-pkgadd-directory-traversal(41759)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/5355","name":"5355","refsource":"EXPLOIT-DB","tags":[],"title":"SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Local Privilege Escalation - SCO local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0310","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0310","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sco","cpe5":"unixware","cpe6":"7.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"310","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"sco","cpe5":"unixware","cpe6":"7.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0310","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via \"..\" sequences in an unspecified environment variable, probably PKGINST."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.sco.com/support/update/download/release.php?rid=324","refsource":"CONFIRM","url":"http://www.sco.com/support/update/download/release.php?rid=324"},{"name":"1019787","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019787"},{"name":"sco-unixware-pkgadd-directory-traversal(41759)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41759"},{"name":"SCOSA-2008.1","refsource":"SCO","url":"http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt"},{"name":"5355","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/5355"},{"name":"20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676"},{"name":"29657","refsource":"SECUNIA","url":"http://secunia.com/advisories/29657"}]}},"nvd":{"publishedDate":"2008-04-07 17:44:00","lastModifiedDate":"2017-09-29 01:30:00","problem_types":["CWE-22"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"310","Ordinal":"30179","Title":"CVE-2008-0310","CVE":"CVE-2008-0310","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"310","Ordinal":"1","NoteData":"Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via \"..\" sequences in an unspecified environment variable, probably PKGINST.","Type":"Description","Title":null},{"CveYear":"2008","CveId":"310","Ordinal":"2","NoteData":"2008-04-07","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"310","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}