Vulnerability Name: CVE-2006-5327 (CCN-29624)
Assigned: 2006-10-16
Published: 2006-10-16
Updated: 2018-08-13
Summary: Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
    Source: MITRE Type: CNA CVE-2006-5327
    Source: CCN Type: Apple Web site About the security content of Xcode Tools 2.5
    Source: APPLE Type: UNKNOWN APPLE-SA-2007-10-30
    Source: CCN Type: Apple Product Security Mailing List, Tue, 30 Oct 2007 15:13:10 -0700 APPLE-SA-2007-10-30 Xcode 2.5 Developer Tools
    Source: CCN Type: SA22390 OpenBase SQL Privilege Escalation Vulnerability
    Source: SECUNIA Type: Patch, Vendor Advisory 22390
    Source: CCN Type: SA22474 Apple Xcode WebObjects Plugin Privilege Escalation Vulnerability
    Source: SECUNIA Type: Patch, Vendor Advisory 22474
    Source: CCN Type: SA27441 Apple Xcode Multiple Vulnerabilities
    Source: SECUNIA Type: UNKNOWN 27441
    Source: CCN Type: SECTRACK ID: 1018872 Apple Xcode Bugs Let Local Users Gain System Privileges
    Source: CCN Type: OpenBase Web site OpenBase: Engine of Innovation
    Source: CCN Type: DMA[2006-1016a] Apple Xcode WebObjects / OpenBase SQL multiple vulnerabilities
    Source: MISC Type: Broken Link http://www.digitalmunition.com/DMA[2006-1016a].txt
    Source: MISC Type: UNKNOWN http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl
    Source: CCN Type: OSVDB ID: 29793 OpenBase SQL gnutar Path Subversion Local Privilege Escalation
    Source: CCN Type: OSVDB ID: 32749 OpenBase SQL Path Subversion Local Privilege Escalation
    Source: BID Type: Exploit 20562
    Source: CCN Type: BID-20562 Apple Xcode OpenBase Multiple Privilege Escalation Vulnerabilities
    Source: SECTRACK Type: UNKNOWN 1018872
    Source: VUPEN Type: UNKNOWN ADV-2006-4058
    Source: VUPEN Type: UNKNOWN ADV-2006-4059
    Source: VUPEN Type: UNKNOWN ADV-2007-3665
    Source: XF Type: UNKNOWN openbasesql-gnutar-code-execution(29624)
    Source: XF Type: UNKNOWN openbase-sql-privilege-escalation(29624)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable