CVE-2006-6131

Name of the Vulnerable Software and Affected Versions Kerio WebSTAR (4D WebSTAR Server Suite) versions 5.4.2 and earlier

Description The issue is related to an untrusted search path vulnerability in WSAdminServer and WSWebServer components. This vulnerability allows local users with webstar privileges to gain root privileges by utilizing a malicious libucache.dylib helper library in the current working directory.

Recommendations For Kerio WebSTAR (4D WebSTAR Server Suite) versions 5.4.2 and earlier, consider restricting access to the WSAdminServer and WSWebServer components until a fix is available. As a temporary workaround, avoid using the vulnerable components in a manner that could lead to exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.