SCO UnixWare pkgadd Directory Traversal Privilege Escalation
SCO UnixWare pkgadd Directory Traversal Privilege Escalation Description:A vulnerability has been reported in SCO UnixWare, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the "pkgadd" command not properly filtering a certain environment variable. This can be exploited to add user accounts or gain escalated privileges by overwriting system files via directory traversal sequences (e.g. "../"). This is related to: SA29370 Successful exploitation allows gaining root privileges, but requires that the attacker can execute arbitrary shell commands. The vulnerability is reported in SCO UnixWare 7.1.4. Other versions may also be affected.Solution:Apply patches. http://www.sco.com/support/update/download/release.php?rid=324Provided and/or discovered by:Discovered by an anonymous person and reported via iDefense Labs.Changelog:2008-04-04: Added reference to related SA29370.Original Advisory:iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676 SCO: http://www.sco.com/support/update/download/release.php?rid=324Other References:SA29370: http://secunia.com/advisories/29370/Extended Solution:The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.