Vulnonym.org

CVE-2008-0310 - Unsexed Suit

Description

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ..\ sequences in an unspecified environment variable probably PKGINST.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676 http://www.sco.com/support/update/download/release.php?rid=324 http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt http://www.securitytracker.com/id?1019787 http://secunia.com/advisories/29657 https://exchange.xforce.ibmcloud.com/vulnerabilities/41759 https://www.exploit-db.com/exploits/5355