EUVD-2006-4427

Malware in sbrugna...

EUVD-2008-0320

Malware in sbrugna...

CVE-2002-1871

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" question mark in the 1 mode, 2 owner, or 3 group fields, which allows attackers to elevate privileges...

SCO UnixWare < 7.1.4 p534589 (pkgadd) Local Root Exploit

No description provided by source. !/bin/ksh 04/2008: public release SCO UnixWare 7.1.4 p534589 if id -un = 'root' ; then grep -v $1-root$ /var/adm/sulog su.log cp su.def /etc/default/su cp su.log /var/adm/sulog rm -f su.def su.log woot.log else echo ------------------------------------ echo...

SCO UnixWare pkgadd本地权限提升漏洞

BUGTRAQ ID: 28236 CVECAN ID: CVE-2008-0310 UnixWare是由SCO公司开发和维护的商业性质Unix操作系统。 SCO UnixWare在处理环境变量时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 SCO UnixWare的pkgadd命令没有正确地过滤某个环境变量，如果本地用户在该命令中使用了目录遍历序列（如“../”）的话，就可以覆盖系统文件，获得权限提升。 SCO Unixware 7.1.4 SCO --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Directory traversal

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST...

CVE-2008-0310

CVE-2008-0310 describes a local privilege escalation in SCO UnixWare 7.1.4 before patch p534589. The vulnerability lies in the pkgadd command, which improperly handles an environment variable (likely PKGINST) during package installation, allowing a local user to traverse directories using ".." se...

CVE-2008-0310

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST...

iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability

iDefense Security Advisory 04.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2008 I. BACKGROUND SCO UnixWare is a UNIX operating system that runs on many OEM platforms. The pkgadd command is used to install packages on the system. More information about the product is...

SCO UnixWare &lt; 7.1.4 p534589 (pkgadd) Local Root Exploit

No description provided by source. !/bin/ksh 04/2008: public release SCO UnixWare 7.1.4 p534589 if id -un = 'root' ; then grep -v " $1-root$" /var/adm/sulog su.log cp su.def /etc/default/su cp su.log /var/adm/sulog rm -f su.def su.log woot.log else echo "------------------------------------"...

SCO Unixware pkgadd directory traversal

It's possible to access any system files...

SCO UnixWare &lt; 7.1.4 p534589 - &#039;pkgadd&#039; Local Privilege Escalation

!/bin/ksh 04/2008: public release SCO UnixWare su.log cp su.def /etc/default/su cp su.log /var/adm/sulog rm -f su.def su.log woot.log else echo "------------------------------------" echo " UnixWare pkgadd Local Root Exploit" echo " By qaaz" echo "------------------------------------" EVIL=echo...

SCO UnixWare 7.1.4 p534589 - pkgadd Local Privilege Escalation

SCO UnixWare 7.1.4 p534589 - pkgadd Local Privilege Escalation !/bin/ksh 04/2008: public release SCO UnixWare su.log cp su.def /etc/default/su cp su.log /var/adm/sulog rm -f su.def su.log woot.log else echo "------------------------------------" echo " UnixWare pkgadd Local Root Exploit" echo " B...

SCO UnixWare < 7.1.4 p534589 (pkgadd) Local Root Exploit

Exploit for sco platform in category local exploits ======================================================== SCO UnixWare su.log cp su.def /etc/default/su cp su.log /var/adm/sulog rm -f su.def su.log woot.log else echo "------------------------------------" echo " UnixWare pkgadd Local Root...

CVE-2008-1343

Directory traversal vulnerability in 1 pkgadd and 2 pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors...

Directory traversal

Directory traversal vulnerability in 1 pkgadd and 2 pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors...

Sun Solaris 10 pkgadd错误文件安装权限漏洞

Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris的pkgadd工具在处理文件安装的权限上存在漏洞，文件可能以不安全的访问权限被安装，可能导致权限提升或信息泄露。 如果Solaris 10系统上所安装的补丁/软件包的文件或目录的pkgmap文件mode字段包含有“?”的话，pkgadd1M就可能错误的将相关文件或目录的权限设置为755或777。777权限是一个安全威胁，因为如果应用到文件的话，任何用户就都可以修改该文件；如果应用到目录的话，任何用户都可以修改该目录中的文件。...

CVE-2006-4439

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions 755 or 777 if the pkgmap file contains a "?" question mark in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871...

CVE-2006-4439

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions 755 or 777 if the pkgmap file contains a "?" question mark in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871...

CVE-2006-4439

CVE-2006-4439 refers to a Solaris 10 local-privilege issue in pkgadd where, prior to 2006-08-25, files could be installed with insecure permissions (755 or 777) if the pkgmap mode field contained a question mark. This could allow local users to modify arbitrary files or directories. The descripti...