CVE-2008-1343

SCO UnixWare 7.1.4 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1343. PoCs published by qaaz.

AI-analyzed exploit summary This exploit leverages a vulnerability in SCO UnixWare's pkgadd utility to perform a local privilege escalation by manipulating symbolic links and the sulog file. It abuses improper handling of the PKGINST variable to overwrite the su configuration file, granting root access.

Description

Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by qaaz · bashlocalsco
https://www.exploit-db.com/exploits/5355

This exploit leverages a vulnerability in SCO UnixWare's pkgadd utility to perform a local privilege escalation by manipulating symbolic links and the sulog file. It abuses improper handling of the PKGINST variable to overwrite the su configuration file, granting root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: SCO UnixWare < 7.1.4 p534589
Auth required
Prerequisites: Local user access on the target system · Presence of vulnerable pkgadd utility
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41200
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29370
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28236
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0871

Scores

EPSS 0.0076
EPSS Percentile 50.4%

Details

CWE
CWE-22
Status published
Products (1)
sco/unixware 7.1.4
Published Mar 17, 2008
Tracked Since Feb 18, 2026