CVE-2008-0310: Path Traversal
First published: Mon Apr 07 2008(Updated: )
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xinuos UnixWare | =7.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676
- http://www.sco.com/support/update/download/release.php?rid=324
- http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt
- http://www.securitytracker.com/id?1019787
- http://secunia.com/advisories/29657
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41759
- https://www.exploit-db.com/exploits/5355
Frequently Asked Questions
What is the severity of CVE-2008-0310?
CVE-2008-0310 is classified as a medium severity vulnerability.
How do I fix CVE-2008-0310?
To mitigate CVE-2008-0310, apply the security patch provided by SCO for UnixWare 7.1.4.
Who is affected by CVE-2008-0310?
Local users of SCO UnixWare 7.1.4 prior to patch p534589 are affected by CVE-2008-0310.
What type of vulnerability is CVE-2008-0310?
CVE-2008-0310 is a directory traversal vulnerability.
What can attackers do with CVE-2008-0310?
Attackers can exploit CVE-2008-0310 to create or append to arbitrary files on the system.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sco
- canonical/xinuos unixware
- version/xinuos unixware/7.1.4