Vulnerability CVE-2006-5327
Published: 2006-10-17   Modified: 2012-02-12

Description:
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Openbase international ltd -> Openbase 
Apple -> Xcode 

 References:
http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html
http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl
http://www.securityfocus.com/bid/20562
http://www.securitytracker.com/id?1018872
http://www.vupen.com/english/advisories/2006/4058
http://www.vupen.com/english/advisories/2006/4059
http://www.vupen.com/english/advisories/2007/3665
https://exchange.xforce.ibmcloud.com/vulnerabilities/29624
Copyright 2024, cxsecurity.com

 

Back to Top