PT-2006-5950 · Netbsd+2 · X Display Manager+2

Jeremy C. Reed · Published 2006-10-09 · Updated 2018-10-30 · CVE-2006-5215

CVSS v2.0: 2.6 (Low)
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

X Display Manager (xdm) in NetBSD versions prior to 20060212
X.Org versions prior to 20060317
Solaris versions 8 through 10 prior to 20061006

Description

The issue allows local users to overwrite arbitrary files or read another user's Xsession errors file via a symlink attack on a /tmp/xses-$USER file. This is a result of a flaw in the Xsession script used by the affected software.

Recommendations

For X Display Manager (xdm) in NetBSD versions prior to 20060212, update to a version released after 20060212. For X.Org versions prior to 20060317, update to a version released after 20060317. For Solaris versions 8 through 10 prior to 20061006, update to a version released after 20061006.
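One way a session script can choose its error file without trusting a predictable name in /tmp, as an added example that is not taken from this advisory or from any vendor's Xsession script. The function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example. The flaw class described above: a fixed, guessable name in a
# world-writable directory (/tmp/xses-$USER) is opened for writing, so the
# write follows whatever another local user placed at that name beforehand.

# errfile_is_safe PATH: true only for an existing regular file that is not a
# symlink and is owned by the current user ([ -f ] alone follows symlinks).
errfile_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ]
}

# create_errfile DIR USER: create a new file with an unpredictable suffix and
# print its path. mktemp creates exclusively with mode 0600, so a pre-planted
# name is never reused or followed.
create_errfile() {
    mktemp "$1/xses-$2.XXXXXX"
}

# choose_errfile HOME_LOG TMPDIR USER: print the path the session should log to.
#  1. reuse HOME_LOG if it passes errfile_is_safe
#  2. else create HOME_LOG exclusively (noclobber refuses existing names,
#     including dangling symlinks)
#  3. else fall back to a mktemp file in TMPDIR
choose_errfile() {
    if errfile_is_safe "$1"; then
        printf '%s\n' "$1"
    elif ( set -C; umask 077; : > "$1" ) 2>/dev/null; then
        printf '%s\n' "$1"
    else
        create_errfile "$2" "$3"
    fi
}
```

A caller would then redirect with `errfile=$(choose_errfile "$HOME/.xsession-errors" "${TMPDIR:-/tmp}" "$USER") && exec > "$errfile" 2>&1`.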

Fix

Related Identifiers

CVE-2006-5215

Affected Products

Solaris
X Display Manager
X.Org