CVE-2006-5327
First published: Tue Oct 17 2006(Updated: )
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| David Branco Openbase | =7.0.15 | |
| David Branco Openbase | <=10.0 | |
| David Branco Openbase | =9.1.5 | |
| David Branco Openbase | =8.0.4 | |
| Apple Xcode | <=2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl
- http://www.securityfocus.com/bid/20562
- http://secunia.com/advisories/22390
- http://secunia.com/advisories/22474
- http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
- http://www.securitytracker.com/id?1018872
- http://secunia.com/advisories/27441
- http://www.vupen.com/english/advisories/2007/3665
- http://www.vupen.com/english/advisories/2006/4058
- http://www.vupen.com/english/advisories/2006/4059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29624
- http://www.digitalmunition.com/DMA[2006-1016a].txt
- http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt
Frequently Asked Questions
What is the severity of CVE-2006-5327?
CVE-2006-5327 is classified as a significant vulnerability allowing local users to execute arbitrary code.
How do I fix CVE-2006-5327?
To fix CVE-2006-5327, update to a version of OpenBase SQL that is newer than 10.0 or apply relevant patches provided by the vendor.
Who is affected by CVE-2006-5327?
CVE-2006-5327 affects local users running OpenBase SQL versions 10.0 and earlier, as well as Apple Xcode up to version 2.2.
What applications utilize the vulnerable components of CVE-2006-5327?
CVE-2006-5327 impacts applications that include OpenBase SQL and Apple Xcode, especially in configurations using specific versions.
Can CVE-2006-5327 be exploited remotely?
CVE-2006-5327 cannot be exploited remotely as it requires local user access and specific conditions to be met.
- agent/type
- agent/author
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- vendor/openbase international ltd
- canonical/david branco openbase
- version/david branco openbase/7.0.15
- version/david branco openbase/10.0
- version/david branco openbase/9.1.5
- version/david branco openbase/8.0.4
- vendor/apple
- canonical/apple xcode
- version/apple xcode/2.2