Executive Summary
Summary | |
---|---|
Title | Xsession vulnerability |
Information | |||
---|---|---|---|
Name | USN-364-1 | First vendor Publication | 2006-10-16 |
Vendor | Ubuntu | Last vendor Modification | 2006-10-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 1.2 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Exploit Score | 1.9 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
Ubuntu 6.06 LTS:

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

A race condition existed that would allow other local users to see error messages generated during another user's X session. This could allow potentially sensitive information to be leaked.
Original Source
Url : http://www.ubuntu.com/usn/USN-364-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-26 | Leveraging Race Conditions |
CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1760 | |||
Oval ID: | oval:org.mitre.oval:def:1760 | ||
Title: | Security Vulnerability in X Display Manager (xdm(1)) Xsession Script | ||
Description: | Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5214 | Version: | 1 |
Platform(s): | Sun Solaris 8, Sun Solaris 9, Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 2 | |
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-02-27 | Name : Fedora Update for xorg-x11-xinit FEDORA-2007-1409 File : nvt/gb_fedora_2007_1409_xorg-x11-xinit_fc7.nasl |
2009-02-27 | Name : Fedora Update for xorg-x11-xinit FEDORA-2007-659 File : nvt/gb_fedora_2007_659_xorg-x11-xinit_fc6.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29578 | Multiple Vendor X Display Manager Xsession Script Error File Information Disc... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-364-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1409.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-659.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 124830-01 File : solaris9_124830.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 124831-01 File : solaris9_x86_124831.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote host is missing Sun Security Patch number 124457-03 File : solaris10_124457.nasl - Type : ACT_GATHER_INFO |
2006-12-18 | Name : The remote host is missing Sun Security Patch number 124458-03 File : solaris10_x86_124458.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 111844-04 File : solaris8_111844.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 111845-04 File : solaris8_x86_111845.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:03:51 |
|