CVE-2006-6131
Kerio WebSTAR 5.4.2 (OSX) - 'libucache.dylib' Local Privilege Escalation
Severity Score
6.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
Vulnerabilidad de ruta de búsqueda no confiable en (1) WSAdminServer y (2) WSWebServer en Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 y anteriores permite a atacantes remotos con privilegios webstar obtener privilegios de root mediante una librería de ayuda libucache.dylib maliciosa en el directorio de trabajo actual.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-11-15 First Exploit
- 2006-11-27 CVE Reserved
- 2006-11-28 CVE Published
- 2024-08-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/1921 | Third Party Advisory | |
| http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/451832/100/200/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2006/4539 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30308 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/2788 | 2006-11-15 | |
| http://secunia.com/advisories/22906 | 2024-08-07 | |
| http://securitytracker.com/id?1017239 | 2024-08-07 | |
| http://www.osvdb.org/30450 | 2024-08-07 | |
| http://www.securityfocus.com/bid/21123 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | <= 5.4.2 Search vendor "Kerio" for product "Webstar" and version " <= 5.4.2" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 4.0 Search vendor "Kerio" for product "Webstar" and version "4.0" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.1.2 Search vendor "Kerio" for product "Webstar" and version "5.1.2" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.1.3 Search vendor "Kerio" for product "Webstar" and version "5.1.3" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.2 Search vendor "Kerio" for product "Webstar" and version "5.2" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.2.1 Search vendor "Kerio" for product "Webstar" and version "5.2.1" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.2.2 Search vendor "Kerio" for product "Webstar" and version "5.2.2" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.2.3 Search vendor "Kerio" for product "Webstar" and version "5.2.3" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.2.4 Search vendor "Kerio" for product "Webstar" and version "5.2.4" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.3 Search vendor "Kerio" for product "Webstar" and version "5.3" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.3.1 Search vendor "Kerio" for product "Webstar" and version "5.3.1" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.3.2 Search vendor "Kerio" for product "Webstar" and version "5.3.2" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.3.3 Search vendor "Kerio" for product "Webstar" and version "5.3.3" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.3.4 Search vendor "Kerio" for product "Webstar" and version "5.3.4" | - |
Affected
| ||||||
| Kerio Search vendor "Kerio" | Webstar Search vendor "Kerio" for product "Webstar" | 5.4 Search vendor "Kerio" for product "Webstar" and version "5.4" | - |
Affected
| ||||||