CVE-2006-5214
published 2006-10-10

CVE-2006-5214: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before…

Priority: P45 low
CVSS 2.0: 1.2 (AV:L/AC:H/Au:N/C:P/I:N/A:N)
EPSS: 0.34% (26.0th percentile)
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xdm | < xdm 1:1.0.5-1 (bookworm) | xdm 1:1.0.5-1 (bookworm) |
| debian | xorg | < xdm 1:1.0.5-1 (bookworm) | xdm 1:1.0.5-1 (bookworm) |
| netbsd | netbsd | | |
| netbsd | netbsd | | |
| sun | solaris | | |
| sun | solaris | | |
| sun | sunos | | |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |
| x.org | xdm | >= 0 < 1:1.0.5-1 | 1:1.0.5-1 |

CVSS provenance

nvd: v2.0, 1.2 LOW, AV:L/AC:H/Au:N/C:P/I:N/A:N
osv: 1.2 LOW
vendor_debian: 1.2 LOW
vendor_redhat: 1.2 LOW