Published: 10/10/2006 Updated: 30/10/2018

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 107

Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD prior to 20060212, X.Org prior to 20060225, and Solaris 8 through 10 prior to 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netbsd netbsd 3.99.15
sun solaris 10.0
sun sunos 5.8
sun solaris 9.0
netbsd netbsd 3.0

A race condition existed that would allow other local users to see error messages generated during another user’s X session This could allow potentially sensitive information to be leaked ...

NVD-CWE-Other http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804 https://bugs.freedesktop.org/show_bug.cgi?id=5897 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1 http://www.securityfocus.com/bid/20400 http://securitytracker.com/id?1017015 http://secunia.com/advisories/22323 http://secunia.com/advisories/22439 http://www.ubuntu.com/usn/usn-364-1 http://secunia.com/advisories/22469 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://secunia.com/advisories/22992 http://www.vupen.com/english/advisories/2006/3962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1760 https://usn.ubuntu.com/364-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5214

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect