CVE-2006-5327 — Apple Xcode vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 61.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode Openbase International LTD Openbase

Timeline

PublishedOct 17

Latest updateMay 1

Description

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/xcode2.2

▶NVDopenbase_international_ltd/openbase10.0+3

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-w3q8-f3hm-869w: Untrusted search path vulnerability in OpenBase SQL 10↗2022-05-01

▶

CVEList

CVE-2006-5327: Untrusted search path vulnerability in OpenBase SQL 10↗2006-10-17

▶