SCO UnixWare pkgadd Directory Traversal Privilege Escalation

SCO UnixWare pkgadd Directory Traversal Privilege Escalation

Secunia Advisory: SA29657   Release Date: 2008-04-04 Critical: Less critical Impact: Privilege escalationWhere: Local systemSolution Status: Vendor Patch OS:UnixWare 7.x.x

Description:A vulnerability has been reported in SCO UnixWare, which can be exploited by malicious, local users to gain escalated privileges.The vulnerability is caused due to the "pkgadd" command not properly filtering a certain environment variable. This can be exploited to add user accounts or gain escalated privileges by overwriting system files via directory traversal sequences (e.g. "../").This is related to:SA29370Successful exploitation allows gaining root privileges, but requires that the attacker can execute arbitrary shell commands.The vulnerability is reported in SCO UnixWare 7.1.4. Other versions may also be affected.Solution:Apply patches. and/or discovered by:Discovered by an anonymous person and reported via iDefense Labs.Changelog:2008-04-04: Added reference to related SA29370.Original Advisory:iDefense Labs: References:SA29370:

Döküman Arama

Başlık :