X.Org Xdm vulnerabilities

CVE-2006-5214 [LOW] CVE-2006-5214: Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

CVE-2006-5215 [LOW] CVE-2006-5215: The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 2006 The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

CVE-2006-4447 [HIGH] CVE-2006-4447: X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check t X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.