ID CVE-2006-5214
Summary Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
References
Vulnerable Configurations
  • cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:netbsd:netbsd:3.99.15:*:*:*:*:*:*:*
    cpe:2.3:o:netbsd:netbsd:3.99.15:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
CVSS
Base: 1.2 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:N/A:N
oval via4
accepted 2007-09-27T08:57:41.428-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
family unix
id oval:org.mitre.oval:def:1760
status accepted
submitted 2007-08-10T12:25:23.000-04:00
title Security Vulnerability in X Display Manager (xdm(1)) Xsession Script
version 31
refmap via4
bid 20400
confirm
sectrack 1017015
secunia
  • 22323
  • 22439
  • 22469
  • 22992
sunalert 102652
ubuntu USN-364-1
vupen ADV-2006-3962
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 30-10-2018 - 16:25
Published 10-10-2006 - 04:06
Back to Top