CVE-2008-0310
SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Local Privilege Escalation
Public Exploits: 1
Exploited in Wild: -
Descriptions
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 and versions prior to p534589 allows local users to create or append to files of their choice via ".." sequences in an unspecified environment variable, probably PKGINST.
Local exploitation of a directory traversal vulnerability within the pkgadd program distributed with SCO Group Inc's UnixWare operating system allows attackers to gain root privileges. iDefense confirmed the existence of this vulnerability within version 7.1.4 of UnixWare with all patches available as of August 27th, 2007 installed. Previous versions are suspected to be vulnerable.
Timeline
- 2008-01-16 CVE Reserved
- 2008-04-04 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-05-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (7)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676 | Third Party Advisory | |
http://www.securitytracker.com/id?1019787 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41759 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/5355 | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://www.sco.com/support/update/download/release.php?rid=324 | 2017-09-29 | |

URL | Date | SRC |
---|---|---|
http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt | 2017-09-29 | |
http://secunia.com/advisories/29657 | 2017-09-29 | |