CVE-2006-5215

Current Description

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

Evaluator Description

This vulnerability is addressed in the following product updates:

  • X.org, xdm, 2006-03-17
  • NetBSD, NetBSD, Current 2006-02-12
  • Sun, Solaris, 10 2006-10-06

Basic Data

Published: October 10, 2006
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:H/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.6
Severity: LOW
Exploitability Score: 1.9
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start/End (Including/Excluding)
    2.3 | Application | X.org | Xdm | * | * | * | * | * | * | * | * | 1.0.3
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start/End (Including/Excluding)
    2.3 | OS | Netbsd | Netbsd | 1.0 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.2 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.2.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.3 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.3.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.3.2 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.3.3 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4 | * | alpha | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4 | * | arm32 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4 | * | sparc | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4 | * | x86 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | alpha | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | arm32 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | sh3 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | sparc | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.1 | * | x86 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.2 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.2 | * | alpha | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.2 | * | arm32 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.2 | * | sparc | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.2 | * | x86 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.4.3 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | sh3 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.5 | * | x86 | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.5.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.5.2 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.5.3 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.6 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.6 | beta | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.6.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 1.6.2 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 2.0 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 2.0.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 2.0.2 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 2.0.3 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 2.1 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 3.0 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 3.99.15 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | 4.0 | * | * | * | * | * | * | * |
    2.3 | OS | Netbsd | Netbsd | * | * | * | * | * | * | * | * | current
    2.3 | OS | Sun | Solaris | 8.0 | * | sparc | * | * | * | * | * |
    2.3 | OS | Sun | Solaris | 8.0 | * | x86 | * | * | * | * | * |
    2.3 | OS | Sun | Solaris | 8.0 | beta | * | * | * | * | * | * |
    2.3 | OS | Sun | Solaris | 9.0 | * | sparc | * | * | * | * | * |
    2.3 | OS | Sun | Solaris | 9.0 | * | x86 | * | * | * | * | * |
    2.3 | OS | Sun | Solaris | 9.0 | x86_update_2 | * | * | * | * | * | * |
    2.3 | OS | Sun | Solaris | 10.0 | * | sparc | * | * | * | * | * |
    2.3 | OS | Sun | Sunos | 5.8 | * | * | * | * | * | * | * |
    2.3 | OS | Sun | Sunos | 5.9 | * | * | * | * | * | * | * |

Vulnerable Software List

Vendor | Product | Versions
Netbsd | Netbsd | *, 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.6.2, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1, 3.0, 3.99.15, 4.0
X.org | Xdm | *
Sun | Solaris | 10.0, 8.0, 9.0
Sun | Sunos | 5.8, 5.9

References

Name | Source | URL
22992 | SECUNIA | http://secunia.com/advisories/22992
1017015 | SECTRACK | http://securitytracker.com/id?1017015
102652 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm | CONFIRM | http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805 | CONFIRM | http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805
https://bugs.freedesktop.org/show_bug.cgi?id=5898 | CONFIRM | https://bugs.freedesktop.org/show_bug.cgi?id=5898
xdm-xsession-symlink(29427) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/29427
oval:org.mitre.oval:def:2205 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2205