CVE-2008-6558: Input Validation

Published Mar 30, 2009

Updated

Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANTPATH environment variable to point to a malicious bin/hvenv program.

Affected Software

2 affected components

SCO UnixWare=7.1.4

UnixWare ReliantHA=1.1.4

Remediation

Patch Available

ftp://ftp.sco.com/pub/unixware7/714/security/p534850/p534850.txt

Event History

Mar 30, 2009

CVE Published

via MITRE·08:00 PM

Data Sourced

via MITRE·08:00 PM

Description

Data Sourced

08:30 PM

DescriptionWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2008-6558?

CVE-2008-6558 is classified as a local privilege escalation vulnerability allowing unprivileged local users to gain root access.

How do I fix CVE-2008-6558?

To fix CVE-2008-6558, ensure that the RELIANT_PATH environment variable is properly secured and does not point to untrusted directories.

What systems are affected by CVE-2008-6558?

CVE-2008-6558 affects SCO UnixWare 7.1.4 and ReliantHA version 1.1.4.

What can an attacker do with CVE-2008-6558?

An attacker exploiting CVE-2008-6558 can execute arbitrary code with elevated privileges, potentially compromising the entire system.

Is there a patch available for CVE-2008-6558?

There may not be a specific patch available, but applying security updates and following best practices for environment variable management can mitigate the risk.