Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-6558

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGH

EPSS

0.3%

top 46.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SCO Unixware Unixware Reliantha

Timeline

PublishedMar 30

Latest updateMay 17

Description

Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDunixware/reliantha1.1.4

▶NVDsco/unixware7.1.4

Patches

Patch: ftp.sco.com ↗Patch: ftp.sco.com ↗

🔴Vulnerability Details

GHSA

GHSA-83r7-f4pp-52x2: Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1↗2022-05-17

▶

CVEList

CVE-2008-6558: Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1↗2009-03-30

▶

💥Exploits & PoCs

Exploit-DB

SCO UnixWare Reliant HA 1.1.4 - Local Privilege Escalation↗2008-04-04

▶