CVE-2008-0310

SCO Unixware - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.

Exploits (1)

exploitdb WORKING POC VERIFIED

by qaaz · bashlocalsco

https://www.exploit-db.com/exploits/5355

View Code ZIP pw:eip

References (7)

[Various Sources] http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt

[Vendor Advisory] http://secunia.com/advisories/29657

[Patch, Vendor Advisory] http://www.sco.com/support/update/download/release.php?rid=324

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41759

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5355

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019787

[Third Party Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676

Scores

EPSS 0.0041

EPSS Percentile 61.6%

Details

CWE

CWE-22

Status published

Products (1)

sco/unixware 7.1.4

Published Apr 07, 2008

Tracked Since Feb 18, 2026