CVE-2008-0310 Information

Description

Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ..\ sequences in an unspecified environment variable probably PKGINST.

Reference

http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676 http://secunia.com/advisories/29657 http://www.sco.com/support/update/download/release.php?rid=324 http://www.securitytracker.com/id?1019787 https://exchange.xforce.ibmcloud.com/vulnerabilities/41759 https://www.exploit-db.com/exploits/5355