Lucene search

[email protected]CVE-2006-5851

HistoryNov 10, 2006 - 2:07 a.m.

CVE-2006-5851

2006-11-1002:07:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2006-5851

openbase sql

symlink attack

arbitrary files

local users

nvd

7.2 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

CPENameOperatorVersion
openbase_international_ltd:openbaseopenbase international ltd openbaseeq7.0.15
openbase_international_ltd:openbaseopenbase international ltd openbaseeq9.1.5
openbase_international_ltd:openbaseopenbase international ltd openbaseeq8.0.4
openbase_international_ltd:openbaseopenbase international ltd openbaseeq10.0

CPE	Name	Operator	Version
openbase_international_ltd:openbase	openbase international ltd openbase	eq	7.0.15
openbase_international_ltd:openbase	openbase international ltd openbase	eq	9.1.5
openbase_international_ltd:openbase	openbase international ltd openbase	eq	8.0.4
openbase_international_ltd:openbase	openbase international ltd openbase	eq	10.0

References

marc.info/?l=full-disclosure&m=116296717330758&w=2

secunia.com/advisories/22742

www.digitalmunition.com/DMA%5B2006-1107a%5D.txt

www.vupen.com/english/advisories/2006/4404

www.exploit-db.com/exploits/2737

7.2 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2006-5851

cve1