CVE-2006-5327
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
Vulnerabilidad de ruta de búsqueda en un fichero no confiable en OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales ejecutar código de su elección mediante una ruta modificada que hace referencia a un programa gzip malicioso, el cual es ejecutado por gnutar con ciertas preferencias en la variable de entorno TAR_OPTIONS, cuando gnutar es invocado por OpenBase.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-10-17 CVE Reserved
- 2006-10-17 CVE Published
- 2024-03-11 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/27441 | Third Party Advisory | |
| http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt | X_refsource_misc | |
| http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl | X_refsource_misc | |
| http://www.securitytracker.com/id?1018872 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/4058 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/4059 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/3665 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29624 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/20562 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/22390 | 2023-11-07 | |
| http://secunia.com/advisories/22474 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Xcode Search vendor "Apple" for product "Xcode" | <= 2.2 Search vendor "Apple" for product "Xcode" and version " <= 2.2" | - |
Affected
| ||||||
| Openbase International Ltd Search vendor "Openbase International Ltd" | Openbase Search vendor "Openbase International Ltd" for product "Openbase" | <= 10.0 Search vendor "Openbase International Ltd" for product "Openbase" and version " <= 10.0" | mac_os_x |
Affected
| ||||||
| Openbase International Ltd Search vendor "Openbase International Ltd" | Openbase Search vendor "Openbase International Ltd" for product "Openbase" | 7.0.15 Search vendor "Openbase International Ltd" for product "Openbase" and version "7.0.15" | mac_os_x |
Affected
| ||||||
| Openbase International Ltd Search vendor "Openbase International Ltd" | Openbase Search vendor "Openbase International Ltd" for product "Openbase" | 8.0.4 Search vendor "Openbase International Ltd" for product "Openbase" and version "8.0.4" | mac_os_x |
Affected
| ||||||
| Openbase International Ltd Search vendor "Openbase International Ltd" | Openbase Search vendor "Openbase International Ltd" for product "Openbase" | 9.1.5 Search vendor "Openbase International Ltd" for product "Openbase" and version "9.1.5" | mac_os_x |
Affected
| ||||||