CVE-2006-5215 — Netbsd vulnerability

13 documents8 sources

Severity

2.6LOWNVD

EPSS

0.1%

top 76.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org XDM Netbsd SUN Solaris +1 more

Timeline

PublishedOct 10

Latest updateMay 1

Description

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

CVSS vector

AV:L/AC:H/C:P/I:P/A:NExploitability: 1.9 | Impact: 4.9

Affected Packages5 packages

▶NVDnetbsd/netbsdcurrent+27

▶NVDsun/solaris10.0, 8.0, 9.0+2

▶Debianx.org/xdm< 1:1.0.5-1+3

▶NVDx.org/xdm1.0.3

▶NVDsun/sunos5.8, 5.9+1

🔴Vulnerability Details

GHSA

GHSA-m3qf-v679-cpx6: The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X↗2022-05-01

▶

OSV

CVE-2006-5215: The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X↗2006-10-10

▶

CVEList

CVE-2006-5215: The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X↗2006-10-09

▶

💥Exploits & PoCs

Exploit-DB

ClanLite 2.x - SQL Injection / Cross-Site Scripting↗2008-05-12

▶

📋Vendor Advisories

Red Hat

xdm symlink attack↗2006-02-16

▶

Debian

CVE-2006-5215: xdm - The Xsession script, as used by X Display Manager (xdm) in NetBSD before 2006021...↗2006

▶

💬Community

Bugzilla

CVE-2006-5215 xdm symlink attack↗2007-02-25

▶

Bugzilla

CVE-2006-5214 Xsession problems (CVE-2006-5215)↗2006-10-25

▶

Bugzilla

CVE-2006-5214 Xsession problems (CVE-2006-5215)↗2006-10-25

▶

Bugzilla

CVE-2006-5214 Xsession problems (CVE-2006-5215)↗2006-10-25

▶

Bugzilla

CVE-2006-5214 Xsession problems (CVE-2006-5215)↗2006-10-11

▶