ID CVE-2006-4124
Summary The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
References
Vulnerable Configurations
  • cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
  • cpe:2.3:a:lesstif:lesstif:*:*:*:*:*:*:*:*
    cpe:2.3:a:lesstif:lesstif:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19430
exploit-db 2144
misc http://karol.wiesek.pl/files/lesstif-advisory.pdf
secunia 21428
vupen ADV-2006-3230
xf lestif-libxm-privilege-escalation(28298)
statements via4
contributor Mark J Cox
lastmodified 2006-08-16
organization Red Hat
statement LessTif is shipped with Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited.
Last major update 19-10-2017 - 01:29
Published 14-08-2006 - 23:04
Back to Top