CVE-2006-6131

Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/21123	Exploit
http://www.osvdb.org/30450	Exploit
http://securitytracker.com/id?1017239	Exploit
http://secunia.com/advisories/22906	Exploit Vendor Advisory
http://securityreason.com/securityalert/1921
http://www.vupen.com/english/advisories/2006/4539
https://exchange.xforce.ibmcloud.com/vulnerabilities/30308
http://www.digitalmunition.com/DMA[2006-1115a].txt	Broken Link
http://www.securityfocus.com/archive/1/451832/100/200/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kerio:webstar:5.2.4:::::::*
	cpe:2.3:a:kerio:webstar:5.3:::::::*
	cpe:2.3:a:kerio:webstar:4.0:::::::*
	cpe:2.3:a:kerio:webstar:5.1.2:::::::*
	cpe:2.3:a:kerio:webstar:5.2.2:::::::*
	cpe:2.3:a:kerio:webstar:5.2.3:::::::*
	cpe:2.3:a:kerio:webstar:5.4:::::::*
	cpe:2.3:a:kerio:webstar::::::::
	cpe:2.3:a:kerio:webstar:5.3.1:::::::*
	cpe:2.3:a:kerio:webstar:5.3.2:::::::*
	cpe:2.3:a:kerio:webstar:5.1.3:::::::*
	cpe:2.3:a:kerio:webstar:5.3.4:::::::*
	cpe:2.3:a:kerio:webstar:5.2.1:::::::*
	cpe:2.3:a:kerio:webstar:5.2:::::::*
	cpe:2.3:a:kerio:webstar:5.3.3:::::::*

Information

Published : 2006-11-27 17:07

Updated : 2018-10-17 14:46

NVD link : CVE-2006-6131

Mitre link : CVE-2006-6131

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

kerio

webstar

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/21123", "name": "21123", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/30450", "name": "30450", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1017239", "name": "1017239", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22906", "name": "22906", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1921", "name": "1921", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/4539", "name": "ADV-2006-4539", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308", "name": "kerio-webstar-privilege-escalation(30308)", "tags": [], "refsource": "XF"}, {"url": "http://www.digitalmunition.com/DMA[2006-1115a].txt", "name": "http://www.digitalmunition.com/DMA[2006-1115a].txt", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded", "name": "20061116 Kerio WebSTAR local privilege escalation", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6131", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-11-28T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.4.2"}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:kerio:webstar:5.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:46Z"}