{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via \"..\" sequences in an unspecified environment variable, probably PKGINST."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.sco.com/support/update/download/release.php?rid=324"}, {"name": "1019787", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019787"}, {"name": "sco-unixware-pkgadd-directory-traversal(41759)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41759"}, {"name": "SCOSA-2008.1", "tags": ["vendor-advisory", "x_refsource_SCO"], "url": "http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt"}, {"name": "5355", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5355"}, {"name": "20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676"}, {"name": "29657", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29657"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0310", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via \"..\" sequences in an unspecified environment variable, probably PKGINST."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.sco.com/support/update/download/release.php?rid=324", "refsource": "CONFIRM", "url": "http://www.sco.com/support/update/download/release.php?rid=324"}, {"name": "1019787", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019787"}, {"name": "sco-unixware-pkgadd-directory-traversal(41759)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41759"}, {"name": "SCOSA-2008.1", "refsource": "SCO", "url": "http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt"}, {"name": "5355", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5355"}, {"name": "20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676"}, {"name": "29657", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29657"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:39:34.978Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sco.com/support/update/download/release.php?rid=324"}, {"name": "1019787", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019787"}, {"name": "sco-unixware-pkgadd-directory-traversal(41759)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41759"}, {"name": "SCOSA-2008.1", "tags": ["vendor-advisory", "x_refsource_SCO", "x_transferred"], "url": "http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt"}, {"name": "5355", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5355"}, {"name": "20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676"}, {"name": "29657", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29657"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0310", "datePublished": "2008-04-07T17:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T07:39:34.978Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "059218D3-A3AD-4A10-9AA4-FBB689321D90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via \"..\" sequences in an unspecified environment variable, probably PKGINST."}, {"lang": "es", "value": "Vulnerabilidad de Salto de Directorio en pkgadd de SCO UnixWare 7.1.4 y versiones anteriores a p534589 permite a usuarios locales crear o agregar archivos de su elecci\u00f3n mediante secuencias \u201c..\u201d en una variable de entorno sin especificar, probablemente PKGINST."}], "id": "CVE-2008-0310", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-07T17:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29657"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.sco.com/support/update/download/release.php?rid=324"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019787"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41759"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5355"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.sco.com/support/update/download/release.php?rid=324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5355"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}