Lucene search

MitreCVE-2008-0310

HistoryApr 07, 2008 - 5:44 p.m.

CVE-2008-0310

2008-04-0717:44:00

CWE-22

mitre

web.nvd.nist.gov

cve-2008-0310

directory traversal

pkgadd

sco unixware 7.1.4

p534589

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via “…” sequences in an unspecified environment variable, probably PKGINST.

Affected configurations

Nvd

Node

scounixwareMatch7.1.4

VendorProductVersionCPE
scounixware7.1.4cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sco	unixware	7.1.4	cpe:2.3:o:sco:unixware:7.1.4:::::::*

References

ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt

labs.idefense.com/intelligence/vulnerabilities/display.php?id=676

secunia.com/advisories/29657

www.sco.com/support/update/download/release.php?rid=324

www.securitytracker.com/id?1019787

exchange.xforce.ibmcloud.com/vulnerabilities/41759

www.exploit-db.com/exploits/5355

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-0310