CVE-2006-5214Race Condition in Netbsd

13 documents8 sources
Severity
1.2LOWNVD
EPSS
0.1%
top 76.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
X.org XDMNetbsdSUN Solaris+1 more
Timeline
PublishedOct 10
Latest updateMay 1

Description

Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

NVDsun/solaris10.0, 9.0+1
Debianx.org/xdm< 1:1.0.5-1+3
NVDsun/sunos5.8

Also affects: Netbsd 3.0, 3.99.15

Patches

Patch: sunsolve.sun.comPatch: www.netbsd.orgPatch: sunsolve.sun.com

🔴Vulnerability Details

3
GHSA
GHSA-6w46-68r7-2g8p: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X2022-05-01
OSV
CVE-2006-5214: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X2006-10-10
CVEList
CVE-2006-5214: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X2006-10-09

📋Vendor Advisories

3
Ubuntu
Xsession vulnerability2006-10-16
Red Hat
xdm race2006-02-16
Debian
CVE-2006-5214: xdm - Race condition in the Xsession script, as used by X Display Manager (xdm) in Net...2006

💬Community

6
Bugzilla
CVE-2006-5214 xdm race2007-02-25
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)2006-10-25
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)2006-10-25
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)2006-10-25
Bugzilla
CVE-2006-5214 Xsession problems (CVE-2006-5215)2006-10-11
CVE-2006-5214 — Race Condition in Netbsd | cvebase