Lucene search

[email protected]CVE-2006-4124

HistoryAug 14, 2006 - 11:04 p.m.

CVE-2006-4124

2006-08-1423:04:00

[email protected]

web.nvd.nist.gov

cve

2006

4124

lesstif

libxm

debug_file

environment variable

privilege escalation

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.

Affected configurations

NVD

Node

lesstiflesstifRange≤0.95.0

lesstiflesstifMatch0.93.94

CPENameOperatorVersion
lesstif:lesstiflesstifle0.95.0
lesstif:lesstiflesstifeq0.93.94

CPE	Name	Operator	Version
lesstif:lesstif	lesstif	le	0.95.0
lesstif:lesstif	lesstif	eq	0.93.94

References

karol.wiesek.pl/files/lesstif-advisory.pdf

secunia.com/advisories/21428

www.securityfocus.com/bid/19430

www.vupen.com/english/advisories/2006/3230

exchange.xforce.ibmcloud.com/vulnerabilities/28298

www.exploit-db.com/exploits/2144

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2006-4124

redhatcve1 ubuntucve1 nvd1 cvelist1