Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-6559

CWE-20Improper Input Validation4 documents4 sources
Severity
7.2HIGH
EPSS
0.5%
top 34.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SCO RelianthaSCO Unixware
Timeline
PublishedMar 30
Latest updateMay 17

Description

Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDsco/unixware7.1.4
NVDsco/reliantha1.1.4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-fj42-9q29-3g2m: Merge mcd in ReliantHA 12022-05-17
CVEList
CVE-2008-6559: Merge mcd in ReliantHA 12009-03-30

💥Exploits & PoCs

1
Exploit-DB
SCO UnixWare Merge - 'mcd' Local Privilege Escalation2008-04-04
CVE-2008-6559 (HIGH CVSS 7.2) | Merge mcd in ReliantHA 1.1.4 in SCO | cvebase.io