CVE-2006-5214
Published 2006-10-10
Priority: P4 · Severity: low · CVSS 2.0 score: 1.2 (vector AV:L/AC:H/Au:N/C:P/I:N/A:N)
EPSS: 0.34% (26.0th percentile)
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xdm | < xdm 1:1.0.5-1 (bookworm) | xdm 1:1.0.5-1 (bookworm) |
| debian | xorg | < xdm 1:1.0.5-1 (bookworm) | xdm 1:1.0.5-1 (bookworm) |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 1.2 | LOW | AV:L/AC:H/Au:N/C:P/I:N/A:N |
| osv | — | 1.2 | LOW | — |
| vendor_debian | — | 1.2 | LOW | — |
| vendor_redhat | — | 1.2 | LOW | — |
VulDB
X.org X11 up to 7.x xdm Xsession race condition (Nessus ID 23447 / XFDB-29422)
vuldb·2026-04-24·CVSS 1.2
A vulnerability categorized as problematic has been discovered in X.org X11 up to 7.x. Impacted is an unknown function of the file Xsession of the component xdm. Such manipulation leads to a race condition.
This vulnerability is uniquely identified as CVE-2006-5214. The attack can only be initiated within the local network. No exploit exists.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-6w46-68r7-2g8p: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X
ghsa_unreviewed·2022-05-01
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
OSV
CVE-2006-5214: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X
osv·2006-10-10·CVSS 1.2
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
Ubuntu
Xsession vulnerability
vendor_ubuntu·2006-10-16
A race condition existed that would allow other local users to see error
messages generated during another user's X session. This could allow
potentially sensitive information to be leaked.
Instructions: After a standard system upgrade you need to restart your session to
effect the necessary changes.
Red Hat
xdm race
vendor_redhat·2006-02-16·CVSS 1.2
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-5214: xdm - Race condition in the Xsession script, as used by X Display Manager (xdm) in Net...
vendor_debian·2006·CVSS 1.2
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
Scope: local
bookworm: resolved (fixed in 1:1.0.5-1)
bullseye: resolved (fixed in 1:1.0.5-1)
forky: resolved (fixed in 1:1.0.5-1)
sid: resolved (fixed in 1:1.0.5-1)
trixie: resolved (fixed in 1:1.0.5-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-5214 xdm race
bugzilla·2007-02-25·CVSS 1.2
Race condition in the Xsession script, as used by X Display Manager (xdm) in
NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before
20061006, causes a user's Xsession errors file to have weak permissions before a
chmod is performed, which allows local users to read Xsession errors files of
other users.
Discussion:
In xinitrc's Xsession (RHEL4) this problem does exist:
```sh
# redirect errors to a file in user's home directory if we can
if [ -z "$GDMSESSION" ]; then
    # GDM redirect output itself in a smarter fashion
    errfile="$HOME/.xsession-errors"
    if cp /dev/null "$errfile" 2> /dev/null ; then
        chmod 600 "$errfile"
        exec > "$errfile" 2>&1
    else
        errfile=$(mktemp -q /tmp/xses-$USER.XXXXXX)
        if [ $? -eq 0 ]; then
            exec >
```
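The snippet quoted above creates the error file under the login umask and only afterwards runs `chmod 600`, so between the two steps the file carries whatever group/other bits the umask leaves. The helpers below are an added example, not code from xdm, xinitrc or any distribution's Xsession: one reports the mode a concurrent reader would observe during that window, the other applies the restrictive umask before the file exists so no window occurs. The helper names, the scratch path and the umask 022 "typical login default" are assumptions.

```shell
#!/bin/sh
# Added example (not from xdm/xinitrc): create-then-chmod versus umask-first.
# Both helpers take a target path so they can be exercised on a scratch dir.

# Vulnerable ordering from the quoted Xsession: the file is created under the
# caller's umask and restricted only afterwards. Prints the permission string
# a concurrent reader would see between the two steps. umask 022 (assumed
# typical login default) is set in a subshell so the result is deterministic.
vulnerable_create() {
    errfile=$1
    rm -f "$errfile"
    ( umask 022 && cp /dev/null "$errfile" ) 2>/dev/null || return 1
    ls -ld "$errfile" | cut -c1-10   # e.g. -rw-r--r-- : group/other can read
    chmod 600 "$errfile"             # too late for a descriptor already opened
}

# Hardened ordering: the umask is restricted before the file exists, so it is
# never observable with group or other read bits. The subshell keeps the
# caller's umask untouched.
hardened_create() {
    errfile=$1
    rm -f "$errfile"
    ( umask 077 && cp /dev/null "$errfile" ) 2>/dev/null || return 1
    ls -ld "$errfile" | cut -c1-10   # -rw-------
}

# Demo on a scratch directory (constructed input, removed afterwards).
scratch=$(mktemp -d) || exit 1
echo "mode during create/chmod window: $(vulnerable_create "$scratch/.xsession-errors")"
echo "mode with umask-first creation:  $(hardened_create "$scratch/.xsession-errors")"
rm -rf "$scratch"
```

Note that `cp /dev/null` only truncates a file that already exists, so a stale `~/.xsession-errors` keeps whatever mode it had; a defensive script removes it or creates it with `O_EXCL` semantics before logging.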
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)
bugzilla·2006-10-25·CVSS 1.2
+++ This bug was initially created as a clone of Bug #212167 +++
Two issues in XFree86/xorg Xsession were reported and fixed upstream. Both
relate to the handling of the xsession file.
CVE-2006-5214: A local attacker could open for reading a user's
~/.xsession-errors file if they are able to win a race during its creation and
have sufficient privileges (+x) to the victim's home directory already.
CVE-2006-5215: A local attacker could perform a temporary file attack on the
xsession error file created in /tmp and cause it to overwrite particular files
of the victim. However, this file is only created if the ability to create
~/.xsession-errors in the victim's home directory fails (something the attacker
has no control over). The upstream Xses
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)
bugzilla·2006-10-25·CVSS 1.2
+++ This bug was initially created as a clone of Bug #210312 +++
Two issues in XFree86/xorg Xsession were reported and fixed upstream. Both
relate to the handling of the xsession file.
CVE-2006-5214: A local attacker could open for reading a user's
~/.xsession-errors file if they are able to win a race during its creation and
have sufficient privileges (+x) to the victim's home directory already.
CVE-2006-5215: A local attacker could perform a temporary file attack on the
xsession error file created in /tmp and cause it to overwrite particular files
of the victim. However, this file is only created if the ability to create
~/.xsession-errors in the victim's home directory fails (something the attacker
has no control over). The upstream Xses
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)
bugzilla·2006-10-25·CVSS 1.2
+++ This bug was initially created as a clone of Bug #212166 +++
Two issues in XFree86/xorg Xsession were reported and fixed upstream. Both
relate to the handling of the xsession file.
CVE-2006-5214: A local attacker could open for reading a user's
~/.xsession-errors file if they are able to win a race during its creation and
have sufficient privileges (+x) to the victim's home directory already.
CVE-2006-5215: A local attacker could perform a temporary file attack on the
xsession error file created in /tmp and cause it to overwrite particular files
of the victim. However, this file is only created if the ability to create
~/.xsession-errors in the victim's home directory fails (something the attacker
has no control over). The upstream Xses
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)
bugzilla·2006-10-11·CVSS 1.2
Two issues in XFree86/xorg Xsession were reported and fixed upstream. Both
relate to the handling of the xsession file.
CVE-2006-5214: A local attacker could open for reading a user's
~/.xsession-errors file if they are able to win a race during its creation and
have sufficient privileges (+x) to the victim's home directory already.
CVE-2006-5215: A local attacker could perform a temporary file attack on the
xsession error file created in /tmp and cause it to overwrite particular files
of the victim. However, this file is only created if the ability to create
~/.xsession-errors in the victim's home directory fails (something the attacker
has no control over). The upstream Xsession code was different (and worse) than
our xinitrc code, but we
References
- http://secunia.com/advisories/22323
- http://secunia.com/advisories/22439
- http://secunia.com/advisories/22469
- http://secunia.com/advisories/22992
- http://securitytracker.com/id?1017015
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
- http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804
- http://www.securityfocus.com/bid/20400
- http://www.ubuntu.com/usn/usn-364-1
- http://www.vupen.com/english/advisories/2006/3962
- https://bugs.freedesktop.org/show_bug.cgi?id=5897
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1760