Lucene search

[email protected]CVE-2006-5852

HistoryNov 10, 2006 - 2:07 a.m.

CVE-2006-5852

2006-11-1002:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5852

openbase sql

vulnerability

untrusted search path

local users

privileges

7.3 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.

CPENameOperatorVersion
openbase_international_ltd:openbaseopenbase international ltd openbaseeq7.0.15
openbase_international_ltd:openbaseopenbase international ltd openbaseeq9.1.5
openbase_international_ltd:openbaseopenbase international ltd openbaseeq8.0.4
openbase_international_ltd:openbaseopenbase international ltd openbaseeq10.0

CPE	Name	Operator	Version
openbase_international_ltd:openbase	openbase international ltd openbase	eq	7.0.15
openbase_international_ltd:openbase	openbase international ltd openbase	eq	9.1.5
openbase_international_ltd:openbase	openbase international ltd openbase	eq	8.0.4
openbase_international_ltd:openbase	openbase international ltd openbase	eq	10.0

References

marc.info/?l=full-disclosure&m=116296717330758&w=2

secunia.com/advisories/22742

www.digitalmunition.com/DMA%5B2006-1107a%5D.txt

www.vupen.com/english/advisories/2006/4404

www.exploit-db.com/exploits/2738

7.3 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2006-5852

cve1