CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score
Confidence: Low

EPSS
Percentile: 25.6%

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

Vendor | Product | Version | CPE |
---|---|---|---|
apple | xcode | * | cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:* |
openbase_international_ltd | openbase | * | cpe:2.3:a:openbase_international_ltd:openbase:*:*:mac_os_x:*:*:*:*:* |
openbase_international_ltd | openbase | 7.0.15 | cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:* |
openbase_international_ltd | openbase | 8.0.4 | cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:* |
openbase_international_ltd | openbase | 9.1.5 | cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:* |
lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
secunia.com/advisories/22390
secunia.com/advisories/22474
secunia.com/advisories/27441
www.digitalmunition.com/DMA%5B2006-1016a%5D.txt
www.digitalmunition.com/Xcode_OpenBase_pwn.pl
www.securityfocus.com/bid/20562
www.securitytracker.com/id?1018872
www.vupen.com/english/advisories/2006/4058
www.vupen.com/english/advisories/2006/4059
www.vupen.com/english/advisories/2007/3665
exchange.xforce.ibmcloud.com/vulnerabilities/29624