Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2006-5215
HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5215

2006-10-1004:06:00
[email protected]
web.nvd.nist.gov
22
xsession script
xdm
symlink attack
local users
security vulnerability
nvd
cve-2006-5215

2.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.4%

JSON

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user’s Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

Affected configurations

NVD
Node
x.orgxdmRange1.0.3
Node
netbsdnetbsdRangecurrent
OR
netbsdnetbsdMatch1.0
OR
netbsdnetbsdMatch1.1
OR
netbsdnetbsdMatch1.2
OR
netbsdnetbsdMatch1.2.1
OR
netbsdnetbsdMatch1.3
OR
netbsdnetbsdMatch1.3.1
OR
netbsdnetbsdMatch1.3.2
OR
netbsdnetbsdMatch1.3.3
OR
netbsdnetbsdMatch1.4
OR
netbsdnetbsdMatch1.4alpha
OR
netbsdnetbsdMatch1.4arm32
OR
netbsdnetbsdMatch1.4sparc
OR
netbsdnetbsdMatch1.4x86
OR
netbsdnetbsdMatch1.4.1
OR
netbsdnetbsdMatch1.4.1alpha
OR
netbsdnetbsdMatch1.4.1arm32
OR
netbsdnetbsdMatch1.4.1sh3
OR
netbsdnetbsdMatch1.4.1sparc
OR
netbsdnetbsdMatch1.4.1x86
OR
netbsdnetbsdMatch1.4.2
OR
netbsdnetbsdMatch1.4.2alpha
OR
netbsdnetbsdMatch1.4.2arm32
OR
netbsdnetbsdMatch1.4.2sparc
OR
netbsdnetbsdMatch1.4.2x86
OR
netbsdnetbsdMatch1.4.3
OR
netbsdnetbsdMatch1.5
OR
netbsdnetbsdMatch1.5sh3
OR
netbsdnetbsdMatch1.5x86
OR
netbsdnetbsdMatch1.5.1
OR
netbsdnetbsdMatch1.5.2
OR
netbsdnetbsdMatch1.5.3
OR
netbsdnetbsdMatch1.6
OR
netbsdnetbsdMatch1.6beta
OR
netbsdnetbsdMatch1.6.1
OR
netbsdnetbsdMatch1.6.2
OR
netbsdnetbsdMatch2.0
OR
netbsdnetbsdMatch2.0.1
OR
netbsdnetbsdMatch2.0.2
OR
netbsdnetbsdMatch2.0.3
OR
netbsdnetbsdMatch2.1
OR
netbsdnetbsdMatch3.0
OR
netbsdnetbsdMatch3.99.15
OR
netbsdnetbsdMatch4.0
OR
sunsolarisMatch8.0sparc
OR
sunsolarisMatch8.0x86
OR
sunsolarisMatch8.0beta
OR
sunsolarisMatch9.0sparc
OR
sunsolarisMatch9.0x86
OR
sunsolarisMatch9.0x86_update_2
OR
sunsolarisMatch10.0sparc
OR
sunsunosMatch5.8
OR
sunsunosMatch5.9
CPENameOperatorVersion
x.org:xdmx.org xdmle1.0.3

Related

cvelist 1
debiancve 1
nvd 1
nessus 6
cvelist
cvelist
CVE-2006-5215
2006-10-09 21:00:00
debiancve
debiancve
CVE-2006-5215
2006-10-10 04:06:00
nvd
nvd
CVE-2006-5215
2006-10-10 04:06:00
nessus
nessus
Solaris 8 (sparc) : 111844-04
2006-11-06 00:00:00
Solaris 9 (x86) : 124831-01
2007-02-18 00:00:00
Solaris 10 (sparc) : 124457-03 (deprecated)
2007-01-08 00:00:00

2.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.4%

JSON
Related for CVE-2006-5215
cvelist1debiancve1nvd1nessus6