Race Condition Vulnerability in X Display Manager Affecting NetBSD, X.Org, and Solaris
CVE-2006-5214

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; Sunos; Solaris
Vendor: CVE Published:; 10 October 2006

What is CVE-2006-5214?

A race condition in the Xsession script used by X Display Manager (xdm) allows local users to access sensitive Xsession errors files belonging to other users. This issue arises due to inadequate permission settings before a chmod command is executed, leaving the files exposed. It affects multiple systems, including NetBSD, X.Org, and specific versions of Solaris, posing privacy risks as unauthorized users may read confidential data contained in these error logs. Timely updates and configuration reviews are essential to mitigate this vulnerability.

References

http://securitytracker.com/id?1017015

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/22992

third-party-advisoryx_refsource_SECUNIA

https://bugs.freedesktop.org/show_bug.cgi?id=5897

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2006
Vulnerability Reserved
Oct 9, 2006

CVE-2006-5214 Data

JSON

Netbsd

What is CVE-2006-5214?

References

Timeline