SCO UnixWare pkgadd Directory Traversal Privilege Escalation

Secunia Advisory: SA29657
Release Date: 2008-04-04
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: UnixWare 7.x.x

Description:
A vulnerability has been reported in SCO UnixWare, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the "pkgadd" command not properly filtering a certain environment variable. This can be exploited to add user accounts or gain escalated privileges by overwriting system files via directory traversal sequences (e.g. "../").

This is related to: SA29370

Successful exploitation allows gaining root privileges, but requires that the attacker can execute arbitrary shell commands.

The vulnerability is reported in SCO UnixWare 7.1.4. Other versions may also be affected.

Solution:
Apply patches.
http://www.sco.com/support/update/download/release.php?rid=324

Provided and/or discovered by:
Discovered by an anonymous person and reported via iDefense Labs.

Changelog:
2008-04-04: Added reference to related SA29370.

Original Advisory:
iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676
SCO: http://www.sco.com/support/update/download/release.php?rid=324

Other References:
SA29370: http://secunia.com/advisories/29370/
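The filtering that the description says was missing, shown as an added example that is not code from SCO, Secunia or iDefense: a privileged program joins an environment-supplied name onto a trusted base directory only after rejecting absolute paths and "." / ".." components. The function name safe_join, the base directory /opt/example/pkgs and the sample inputs are constructed for illustration; the advisory does not name the affected variable.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: join an untrusted, environment-derived name onto a
 * trusted base directory. Returns 0 on success, -1 if the name is rejected. */
int safe_join(const char *base, const char *name, char *out, size_t outlen)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return -1;                      /* missing, empty or absolute */

    /* Walk each '/'-separated component and reject ".", ".." and empties. */
    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 0)
            return -1;                  /* empty component, e.g. "a//b" */
        if ((len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return -1;                  /* traversal component */
        p += len;
        if (*p == '/') {
            p++;
            if (*p == '\0')
                return -1;              /* trailing slash */
        }
    }

    int n = snprintf(out, outlen, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* a truncated path is never used */
    return 0;
}

int main(void)
{
    /* Constructed inputs standing in for the value of the unnamed variable. */
    const char *samples[] = { "mypkg", "sub/mypkg", "../../etc/passwd",
                              "a/../../etc", "/etc/passwd" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = safe_join("/opt/example/pkgs", samples[i], path, sizeof path);
        printf("%-18s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

The check is purely lexical, so it does not account for symbolic links that already exist under the base directory.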
