Path Traversal in Sco Unixware

CVE-2008-0310

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.010 (58.5th percentile) — read the EPSS interpretation.

Affected products

Sco Unixware — versions 7.1.4
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vendor-advisory, x_refsource_SCO)
cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_IDEFENSE, third-party-advisory)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)