CVE-2008-0310

SCO UnixWare 7.1.4 - Local Path Traversal via PKGINST Environment Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0310. PoCs published by qaaz.

AI-analyzed exploit summary This exploit leverages a vulnerability in SCO UnixWare's pkgadd utility to perform a local privilege escalation by manipulating symbolic links and the sulog file. It abuses improper handling of the PKGINST variable to overwrite the su configuration file, granting root access.

Description

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.

Exploits (1)

exploitdb WORKING POC VERIFIED

by qaaz · bashlocalsco

https://www.exploit-db.com/exploits/5355

View Code ZIP pw:eip

This exploit leverages a vulnerability in SCO UnixWare's pkgadd utility to perform a local privilege escalation by manipulating symbolic links and the sulog file. It abuses improper handling of the PKGINST variable to overwrite the su configuration file, granting root access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: SCO UnixWare < 7.1.4 p534589

Auth required

Prerequisites: Local user access on the target system · Presence of vulnerable pkgadd utility

MITRE ATT&CK