CVE-2006-5215
First published: Mon Oct 09 2006(Updated: )
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X Window System | <=1.0.3 | |
| NetBSD current | <=current | |
| NetBSD current | =1.0 | |
| NetBSD current | =1.1 | |
| NetBSD current | =1.2 | |
| NetBSD current | =1.2.1 | |
| NetBSD current | =1.3 | |
| NetBSD current | =1.3.1 | |
| NetBSD current | =1.3.2 | |
| NetBSD current | =1.3.3 | |
| NetBSD current | =1.4 | |
| NetBSD current | =1.4 | |
| NetBSD current | =1.4 | |
| NetBSD current | =1.4 | |
| NetBSD current | =1.4 | |
| NetBSD current | =1.4.1 | |
| NetBSD current | =1.4.1 | |
| NetBSD current | =1.4.1 | |
| NetBSD current | =1.4.1 | |
| NetBSD current | =1.4.1 | |
| NetBSD current | =1.4.1 | |
| NetBSD current | =1.4.2 | |
| NetBSD current | =1.4.2 | |
| NetBSD current | =1.4.2 | |
| NetBSD current | =1.4.2 | |
| NetBSD current | =1.4.2 | |
| NetBSD current | =1.4.3 | |
| NetBSD current | =1.5 | |
| NetBSD current | =1.5 | |
| NetBSD current | =1.5 | |
| NetBSD current | =1.5.1 | |
| NetBSD current | =1.5.2 | |
| NetBSD current | =1.5.3 | |
| NetBSD current | =1.6 | |
| NetBSD current | =1.6-beta | |
| NetBSD current | =1.6.1 | |
| NetBSD current | =1.6.2 | |
| NetBSD current | =2.0 | |
| NetBSD current | =2.0.1 | |
| NetBSD current | =2.0.2 | |
| NetBSD current | =2.0.3 | |
| NetBSD current | =2.1 | |
| NetBSD current | =3.0 | |
| NetBSD current | =3.99.15 | |
| NetBSD current | =4.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8.0-beta | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9.0-x86_update_2 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =10.0 | |
| Sun SunOS | =5.8 | |
| Sun SunOS | =5.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805
- https://bugs.freedesktop.org/show_bug.cgi?id=5898
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
- http://securitytracker.com/id?1017015
- http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
- http://secunia.com/advisories/22992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29427
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2205
Frequently Asked Questions
What is the severity of CVE-2006-5215?
CVE-2006-5215 is considered a high-severity vulnerability due to the potential for local users to exploit it to overwrite arbitrary files.
How do I fix CVE-2006-5215?
To fix CVE-2006-5215, ensure that the affected systems are updated to the latest patches provided by NetBSD, X.Org, or Solaris.
Which systems are affected by CVE-2006-5215?
CVE-2006-5215 affects versions of X Display Manager in NetBSD prior to 20060212, X.Org prior to 20060317, and Solaris 8 through 10 before 20061006.
What is a symlink attack related to CVE-2006-5215?
A symlink attack in CVE-2006-5215 allows local users to create symbolic links that manipulate the behavior of the Xsession script, potentially leading to unauthorized file access.
Can users access another user’s Xsession errors file due to CVE-2006-5215?
Yes, CVE-2006-5215 allows local users to read another user's Xsession errors file through exploitation of the vulnerability.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/x.org
- product/xdm
- canonical/x.org xdm
- vendor/netbsd
- product/netbsd
- canonical/netbsd netbsd
- vendor/sun
- product/solaris
- canonical/sun solaris
- product/sunos
- canonical/sun sunos
- canonical/x window system
- version/x window system/1.0.3
- canonical/netbsd current
- version/netbsd current/current
- version/netbsd current/1.0
- version/netbsd current/1.1
- version/netbsd current/1.2
- version/netbsd current/1.2.1
- version/netbsd current/1.3
- version/netbsd current/1.3.1
- version/netbsd current/1.3.2
- version/netbsd current/1.3.3
- version/netbsd current/1.4
- version/netbsd current/1.4.1
- version/netbsd current/1.4.2
- version/netbsd current/1.4.3
- version/netbsd current/1.5
- version/netbsd current/1.5.1
- version/netbsd current/1.5.2
- version/netbsd current/1.5.3
- version/netbsd current/1.6
- version/netbsd current/1.6-beta
- version/netbsd current/1.6.1
- version/netbsd current/1.6.2
- version/netbsd current/2.0
- version/netbsd current/2.0.1
- version/netbsd current/2.0.2
- version/netbsd current/2.0.3
- version/netbsd current/2.1
- version/netbsd current/3.0
- version/netbsd current/3.99.15
- version/netbsd current/4.0
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/8.0
- version/oracle solaris and zettabyte file system (zfs)/8.0-beta
- version/oracle solaris and zettabyte file system (zfs)/9.0
- version/oracle solaris and zettabyte file system (zfs)/9.0-x86_update_2
- version/oracle solaris and zettabyte file system (zfs)/10.0
- version/sun sunos/5.8
- version/sun sunos/5.9