ID CVE-2006-5214
Summary Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
References
Vulnerable Configurations
  • NetBSD 3.0
    cpe:2.3:o:netbsd:netbsd:3.0
  • NetBSD 3.99.15
    cpe:2.3:o:netbsd:netbsd:3.99.15
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
    cpe:2.3:o:sun:solaris:10.0:-:sparc
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 1.2 (as of 12-10-2006 - 11:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_111844.NASL
    description X11 6.4.1 xdm patch. Date this patch was last updated by Sun : Jan/26/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 23335
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23335
    title Solaris 8 (sparc) : 111844-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_124831.NASL
    description X11 6.6.1_x86: xdm patch. Date this patch was last updated by Sun : Jan/18/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 24410
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24410
    title Solaris 9 (x86) : 124831-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_124830.NASL
    description X11 6.6.1: xdm patch. Date this patch was last updated by Sun : Jan/18/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 24407
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24407
    title Solaris 9 (sparc) : 124830-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_111845.NASL
    description X11 6.4.1_x86: xdm patch. Date this patch was last updated by Sun : Jan/26/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 23447
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23447
    title Solaris 8 (x86) : 111845-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_124458.NASL
    description X11 6.6.2_x86: xdm patch. Date this patch was last updated by Sun : Jul/16/10 This plugin has been deprecated and either replaced with individual 124458 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 23918
    published 2006-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23918
    title Solaris 10 (x86) : 124458-03 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_124457.NASL
    description X11 6.6.2: xdm patch. Date this patch was last updated by Sun : Jul/16/10 This plugin has been deprecated and either replaced with individual 124457 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 23994
    published 2007-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23994
    title Solaris 10 (sparc) : 124457-03 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-364-1.NASL
    description A race condition existed that would allow other local users to see error messages generated during another user's X session. This could allow potentially sensitive information to be leaked. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27944
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27944
    title Ubuntu 5.10 / 6.06 LTS : xinit vulnerability (USN-364-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1409.NASL
    description - Thu Aug 2 2007 Soren Sandmann 1.0.2-21 - Fix bug 212167, CVE-2006-5214 - Sun Apr 22 2007 Matthias Clasen 1.0.2-20 - Don't install INSTALL Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27714
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27714
    title Fedora 7 : xorg-x11-xinit-1.0.2-21.fc7 (2007-1409)
oval via4
accepted 2007-09-27T08:57:41.428-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
family unix
id oval:org.mitre.oval:def:1760
status accepted
submitted 2007-08-10T12:25:23.000-04:00
title Security Vulnerability in X Display Manager (xdm(1)) Xsession Script
version 31
refmap via4
bid 20400
confirm
sectrack 1017015
secunia
  • 22323
  • 22439
  • 22469
  • 22992
sunalert 102652
ubuntu USN-364-1
vupen ADV-2006-3962
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:42
Published 10-10-2006 - 00:06
Last modified 30-10-2018 - 12:25
Back to Top