File Overwrite Vulnerability in X Display Manager Across NetBSD, X.Org, and Solaris
CVE-2006-5215
Currently unrated
What is CVE-2006-5215?
The Xsession script used by X Display Manager (xdm) on specific versions of NetBSD, X.Org, and Solaris is susceptible to a symlink attack. Because of the script's unsafe handling of files in /tmp, local users can overwrite arbitrary files or read another user's Xsession errors file. The flaw affects both user privacy and system integrity, so administrators should apply the appropriate patches and security measures.
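
The hardened counterpart of that pattern, as an added example that is not code from the advisory or from any of the affected projects: a shell function that picks an errors file without ever opening through a link already present in a shared directory. The function name, directory and file names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not the vendors' fix. Names and paths are hypothetical.
#
# Unsafe pattern (comment only): a fixed name in a world-writable directory,
# opened with plain truncation, follows any symlink that is already there:
#     exec > "/tmp/errors-$USER" 2>&1

# pick_errfile DIR NAME
# Prints the path of a file created exclusively by this process (mode 0600).
pick_errfile() {
    dir=$1
    name=$2
    fixed="$dir/$name"

    # noclobber (set -C) makes ">" refuse to open an existing file or a
    # symlink instead of truncating its target. The subshell keeps set -C
    # and the umask from leaking into the caller.
    if ( set -C; umask 077; : > "$fixed" ) 2>/dev/null; then
        printf '%s\n' "$fixed"
        return 0
    fi

    # The fixed name is already taken, possibly by another user's link.
    # Fall back to an unpredictable name; mktemp creates it exclusively
    # with mode 0600 and fails if it cannot.
    tmp=$(mktemp "$dir/$name.XXXXXX") || return 1
    printf '%s\n' "$tmp"
}

# Typical use in a session script (hypothetical file name):
#     errfile=$(pick_errfile "${TMPDIR:-/tmp}" "errors-$USER") &&
#         exec >> "$errfile" 2>&1
```

Because the file is created with mode 0600 and owned by the session user, other local users cannot read it, and in a sticky directory such as /tmp they cannot replace it after creation.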