SCO UnixWare pkgadd Directory Traversal Privilege Escalation
Description:A vulnerability has been
reported in SCO UnixWare, which can be exploited by malicious, local
users to gain escalated privileges.
The vulnerability is caused due to the "pkgadd" command not properly
filtering a certain environment variable. This can be exploited to add
user accounts or gain escalated privileges by overwriting system files
via directory traversal sequences (e.g. "../").
This is related to:
Successful exploitation allows gaining root privileges, but requires that the attacker can execute arbitrary shell commands.
The vulnerability is reported in SCO UnixWare 7.1.4. Other versions may also be affected.Solution:Apply patches.
http://www.sco.com/support/update/download/release.php?rid=324Provided and/or discovered by:Discovered by an anonymous person and reported via iDefense Labs.Changelog:2008-04-04: Added reference to related SA29370.Original Advisory:iDefense Labs:
http://secunia.com/advisories/29370/Extended Solution:The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.