4 matches found
CVE-2008-0310
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST...
CVE-2008-0310
CVE-2008-0310 describes a local privilege escalation in SCO UnixWare 7.1.4 before patch p534589. The vulnerability lies in the pkgadd command, which improperly handles an environment variable (likely PKGINST) during package installation, allowing a local user to traverse directories using ".." se...
CVE-2008-0310
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST...
iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability
iDefense Security Advisory 04.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2008 I. BACKGROUND SCO UnixWare is a UNIX operating system that runs on many OEM platforms. The pkgadd command is used to install packages on the system. More information about the product is...