13 matches found
Design/Logic Flaw
Untrusted search path vulnerability in 1 hvdisp and 2 rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANTPATH environment variable to point to a malicious bin/hvenv program...
CVE-2008-6559
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. dot dot sequences that point to a directory containing a file whose name includes shell metacharacters...
Design/Logic Flaw
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. dot dot sequences that point to a directory containing a file whose name includes shell metacharacters...
CVE-2008-6558
Untrusted search path vulnerability in ReliantHA 1.1.4 (SCO UnixWare 7.1.4) affects hvdisp and rcvm. Local users can gain root privileges by setting RELIANT_PATH to a malicious bin/hvenv, exploiting an untrusted PATH search. Affected components: RELIANT_PATH environment variable usage in hvdisp/r...
CVE-2008-6559
The CVE-2008-6559 entry details a local privilege-escalation in ReliantHA 1.1.4 running on SCO UnixWare 7.1.4. The vulnerability arises when a crafted -d argument contains .. sequences that resolve to a directory containing a file whose name includes shell metacharacters, enabling local users to ...
Directory traversal
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST...
CVE-2008-0310
CVE-2008-0310 describes a local privilege escalation in SCO UnixWare 7.1.4 before patch p534589. The vulnerability lies in the pkgadd command, which improperly handles an environment variable (likely PKGINST) during package installation, allowing a local user to traverse directories using ".." se...
CVE-2008-0310
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST...
SCO UnixWare < 7.1.4 p534589 (pkgadd) Local Root Exploit
Exploit for sco platform in category local exploits ======================================================== SCO UnixWare su.log cp su.def /etc/default/su cp su.log /var/adm/sulog rm -f su.def su.log woot.log else echo "------------------------------------" echo " UnixWare pkgadd Local Root...
CVE-2008-1343
Directory traversal vulnerability in 1 pkgadd and 2 pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors...
CVE-2008-1343
Directory traversal vulnerability in 1 pkgadd and 2 pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors...
CVE-2005-3903
Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S scheme argument that specifies a large file, a different vulnerability than CVE-2001-1063...
CVE-2004-1124
CVE-2004-1124 describes a local privilege/escape issue in SCO UnixWare 7.1.1–7.1.4 where the chroot jail can be broken, enabling local users to escape and perform unauthorized actions. The vulnerability affects specific binaries listed by SCO (e.g., /etc/conf/pack.d/namefs/Driver_atup.o, Driver_m...