CVE-2006-5327

Name of the Vulnerable Software and Affected Versions OpenBase SQL versions 10.0 and earlier

Description The issue allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program. This occurs when gnutar is invoked by OpenBase and executed with certain TAR OPTIONS environment variable settings. The vulnerability is exploited through a modified PATH, allowing the execution of arbitrary code.

Recommendations For OpenBase SQL versions 10.0 and earlier, consider restricting the use of the TAR OPTIONS environment variable to minimize the risk of exploitation. As a temporary workaround, avoid using gnutar with certain TAR OPTIONS settings until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.