ID

VAR-200610-0137


CVE

CVE-2006-5327


TITLE

OpenBase SQL Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2006-000979

DESCRIPTION

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

The OpenBase application shipped with Apple Xcode is prone to multiple privilege-escalation issues because the application fails to handle exceptional conditions when executing setuid programs. A local attacker can exploit these issues to gain superuser privileges. A successful exploit would lead to the complete compromise of affected computers. This issue affects Apple Xcode 2.2 and earlier versions.

Xcode is the development tool used on Apple machines. By using the TAR_OPTIONS environment variable, gnutar can be forced to call gzip without specifying the path, and the attacker can gain root privileges by controlling the PATH variable.

For more information: SA22390

SOLUTION: Download the latest J2SE 5.0-compliant OpenBase JDBC drivers from http://www.openbase.com. Alternatively, remove the "setuid" flags from the OpenBase binaries.

----------------------------------------------------------------------

TITLE: SpamAssassin "spamd" Shell Command Injection Vulnerability

SECUNIA ADVISORY ID: SA20430

VERIFY ADVISORY: http://secunia.com/advisories/20430/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: From local network

SOFTWARE: SpamAssassin 3.x http://secunia.com/product/4506/

DESCRIPTION: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to compromise a vulnerable system. Some unspecified input is not properly sanitised before being used. This can be exploited to inject arbitrary shell commands. Successful exploitation requires that spamd is used with the "--vpopmail" and "--paranoid" switches. The vulnerability has been reported in version 3.0.3. Other versions may also be affected.

SOLUTION: Update to version 3.0.6 or 3.1.3.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

Trust: 2.25

sources: NVD: CVE-2006-5327 // JVNDB: JVNDB-2006-000979 // BID: 20562 // VULHUB: VHN-21435 // PACKETSTORM: 60583 // PACKETSTORM: 50989 // PACKETSTORM: 47075

AFFECTED PRODUCTS

vendor: apple, model: xcode, scope: lte, version: 2.2

Trust: 1.0

vendor: openbase, model: openbase, scope: eq, version: 8.0.4

Trust: 1.0

vendor: openbase, model: openbase, scope: lte, version: 10.0

Trust: 1.0

vendor: openbase, model: openbase, scope: eq, version: 9.1.5

Trust: 1.0

vendor: openbase, model: openbase, scope: eq, version: 7.0.15

Trust: 1.0

vendor: openbase, model: sql, scope: lte, version: 10.0

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.4.x

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.5

Trust: 0.8

vendor: apple, model: xcode, scope: eq, version: tools 2.5

Trust: 0.8

vendor: openbase, model: openbase, scope: eq, version: 10.0

Trust: 0.6

vendor: openbase, model: macosx, scope: eq, version: 10.0

Trust: 0.3

vendor: openbase, model: macosx, scope: eq, version: 9.1.5

Trust: 0.3

vendor: openbase, model: macosx, scope: eq, version: 8.0.4

Trust: 0.3

vendor: openbase, model: macosx, scope: eq, version: 7.0.15

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.10

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.9

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: xcode, scope: ne, version: 2.3

Trust: 0.3

sources: BID: 20562 // JVNDB: JVNDB-2006-000979 // CNNVD: CNNVD-200610-256 // NVD: CVE-2006-5327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5327
value: HIGH

Trust: 1.0

NVD: CVE-2006-5327
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200610-256
value: HIGH

Trust: 0.6

VULHUB: VHN-21435
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-5327
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21435
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21435 // JVNDB: JVNDB-2006-000979 // CNNVD: CNNVD-200610-256 // NVD: CVE-2006-5327

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5327

THREAT TYPE

local

Trust: 1.1

sources: BID: 20562 // PACKETSTORM: 60583 // PACKETSTORM: 50989 // CNNVD: CNNVD-200610-256

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200610-256

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000979

PATCH

title: About the security content of Xcode Tools 2.5
url: http://docs.info.apple.com/article.html?artnum=306847-en

Trust: 0.8

title: About the security content of Xcode Tools 2.5
url: http://docs.info.apple.com/article.html?artnum=306847-ja

Trust: 0.8

title: Top Page
url: http://www.openbase.com/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2006-000979

EXTERNAL IDS

db: NVD, id: CVE-2006-5327

Trust: 2.8

db: BID, id: 20562

Trust: 2.8

db: SECUNIA, id: 27441

Trust: 2.6

db: SECUNIA, id: 22390

Trust: 2.5

db: SECTRACK, id: 1018872

Trust: 2.5

db: SECUNIA, id: 22474

Trust: 1.8

db: VUPEN, id: ADV-2007-3665

Trust: 1.7

db: VUPEN, id: ADV-2006-4059

Trust: 1.7

db: VUPEN, id: ADV-2006-4058

Trust: 1.7

db: XF, id: 29624

Trust: 1.4

db: JVNDB, id: JVNDB-2006-000979

Trust: 0.8

db: CNNVD, id: CNNVD-200610-256

Trust: 0.7

db: APPLE, id: APPLE-SA-2007-10-30

Trust: 0.6

db: VULHUB, id: VHN-21435

Trust: 0.1

db: PACKETSTORM, id: 60583

Trust: 0.1

db: PACKETSTORM, id: 50989

Trust: 0.1

db: SECUNIA, id: 20430

Trust: 0.1

db: PACKETSTORM, id: 47075

Trust: 0.1

sources: VULHUB: VHN-21435 // BID: 20562 // JVNDB: JVNDB-2006-000979 // PACKETSTORM: 60583 // PACKETSTORM: 50989 // PACKETSTORM: 47075 // CNNVD: CNNVD-200610-256 // NVD: CVE-2006-5327

REFERENCES

url:http://www.securityfocus.com/bid/20562

Trust: 2.5

url:http://secunia.com/advisories/22390

Trust: 2.5

url:http://secunia.com/advisories/27441

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2007/oct/msg00001.html

Trust: 1.8

url:http://www.digitalmunition.com/dma%5b2006-1016a%5d.txt

Trust: 1.7

url:http://www.digitalmunition.com/xcode_openbase_pwn.pl

Trust: 1.7

url:http://www.securitytracker.com/id?1018872

Trust: 1.7

url:http://secunia.com/advisories/22474

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2006/4058

Trust: 1.4

url:http://www.frsirt.com/english/advisories/2006/4059

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/29624

Trust: 1.4

url:http://www.vupen.com/english/advisories/2006/4058

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/4059

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/3665

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29624

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5327

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5327

Trust: 0.8

url:http://securitytracker.com/alerts/2007/oct/1018872.html

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/3665

Trust: 0.6

url:http://www.apple.com/macosx/features/xcode/

Trust: 0.3

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://www.digitalmunition.com/dma%5b2006-1107a%5d.txt

Trust: 0.3

url:http://www.openbase.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.3

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.3

url:http://secunia.com/about_secunia_advisories/

Trust: 0.3

url:http://secunia.com/advisories/22390/

Trust: 0.2

url:http://secunia.com/product/10144/

Trust: 0.2

url:http://secunia.com/advisories/27441/

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

Trust: 0.1

url:http://secunia.com/advisories/20188/

Trust: 0.1

url:http://developer.apple.com/tools/download/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://www.openbase.com.

Trust: 0.1

url:http://secunia.com/advisories/22474/

Trust: 0.1

url:http://secunia.com/advisories/20430/

Trust: 0.1

url:http://secunia.com/product/4506/

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

sources: VULHUB: VHN-21435 // BID: 20562 // JVNDB: JVNDB-2006-000979 // PACKETSTORM: 60583 // PACKETSTORM: 50989 // PACKETSTORM: 47075 // CNNVD: CNNVD-200610-256 // NVD: CVE-2006-5327

CREDITS

Kevin Finisterre※ dotslash@snosoft.com

Trust: 0.6

sources: CNNVD: CNNVD-200610-256

SOURCES

db: VULHUB, id: VHN-21435
db: BID, id: 20562
db: JVNDB, id: JVNDB-2006-000979
db: PACKETSTORM, id: 60583
db: PACKETSTORM, id: 50989
db: PACKETSTORM, id: 47075
db: CNNVD, id: CNNVD-200610-256
db: NVD, id: CVE-2006-5327

LAST UPDATE DATE

2024-08-14T13:15:17.537000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-21435, date: 2018-08-13T00:00:00
db: BID, id: 20562, date: 2007-10-31T19:36:00
db: JVNDB, id: JVNDB-2006-000979, date: 2007-11-27T00:00:00
db: CNNVD, id: CNNVD-200610-256, date: 2006-10-18T00:00:00
db: NVD, id: CVE-2006-5327, date: 2023-11-07T01:59:29.767

SOURCES RELEASE DATE

db: VULHUB, id: VHN-21435, date: 2006-10-17T00:00:00
db: BID, id: 20562, date: 2006-10-16T00:00:00
db: JVNDB, id: JVNDB-2006-000979, date: 2007-11-27T00:00:00
db: PACKETSTORM, id: 60583, date: 2007-11-01T00:17:02
db: PACKETSTORM, id: 50989, date: 2006-10-17T17:58:16
db: PACKETSTORM, id: 47075, date: 2006-06-10T05:36:59
db: CNNVD, id: CNNVD-200610-256, date: 2006-10-17T00:00:00
db: NVD, id: CVE-2006-5327, date: 2006-10-17T21:07:00