PT-2006-5949 · Netbsd+2 · X Display Manager+2

Jeremy C. Reed · Published 2006-10-09 · Updated 2018-10-30 · CVE-2006-5214

CVSS v2.0: 1.2 (Low)

Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

X Display Manager (xdm) in:
NetBSD versions prior to 20060212
X.Org versions prior to 20060225
Solaris versions 8 through 10 prior to 20061006

Description

A race condition in the Xsession script causes a user's Xsession errors file to have weak permissions before a chmod is performed. This allows local users to read Xsession errors files of other users.

Recommendations

For NetBSD versions prior to 20060212, update to a version after 20060212 to resolve the issue.
For X.Org versions prior to 20060225, update to a version after 20060225 to resolve the issue.
For Solaris versions 8 through 10 prior to 20061006, update to a version after 20061006 to resolve the issue.
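
The create-then-chmod window from the description, shown next to a form that restricts the umask before the file is created. This is an added example, not the xdm Xsession script or any vendor's patch; the file name, the 022 umask and the function names are assumptions.

```shell
#!/bin/sh
# Constructed illustration; all files live in a private temporary directory.

# Print the permission string of a file (e.g. -rw-r--r--), portably.
mode_of() {
    ls -l "$1" | cut -c1-10
}

# Pattern from the description: the file is created under the inherited
# umask and chmod runs afterwards. Prints "<mode inside window> <final mode>".
create_then_chmod() {
    (
        umask 022                      # typical inherited umask (assumption)
        errfile="$1/xsession-errors"   # hypothetical file name
        rm -f "$errfile"
        : > "$errfile"                 # file exists now, readable by others
        window=$(mode_of "$errfile")
        chmod 600 "$errfile"           # permissions tightened only here
        echo "$window $(mode_of "$errfile")"
    )
}

# Hardened form: tighten the umask first, so the file is never created
# with permissions wider than owner read/write.
umask_then_create() {
    (
        umask 077
        errfile="$1/xsession-errors"
        rm -f "$errfile"
        : > "$errfile"
        window=$(mode_of "$errfile")
        echo "$window $(mode_of "$errfile")"
    )
}

demo_dir=$(mktemp -d)
echo "create-then-chmod: $(create_then_chmod "$demo_dir")"
echo "umask-then-create: $(umask_then_create "$demo_dir")"
rm -rf "$demo_dir"
```

The first column of each output line is the mode another local user would see between creation and chmod; only the second function keeps it at owner-only throughout.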

Fix

Related Identifiers

CVE-2006-5214

Affected Products

Solaris
X Display Manager
X.Org