CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

Score: 2.6
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Published: 2006-10-10 12:06:00.000-04
Last Modified: 2018-10-30 12:26:23.000-04

Vulnerable Software List

Vendor    Product    Versions
Netbsd    Netbsd     1.0, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.1::a, 1.4::alpha, 1.4::arm32, 1.4::sparc, 1.4::x86
X.org     Xdm        1.0.3
Sun       Sunos      5.8, 5.9
Sun       Solaris    10.0::sparc, 8.0::sparc, 8.0::x86, 8.0:beta, 9.0::sparc, 9.0::x86, 9.0:x86 update 2

References

Source      Link
SECTRACK    1017015
SUNALERT    102652
CONFIRM     http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
CONFIRM     http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805
CONFIRM     https://bugs.freedesktop.org/show_bug.cgi?id=5898
XF          xdm-xsession-symlink(29427)