CVE-2006-5214 | Vulnerability Database | Aqua Security

Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a users Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

Affected Software

Name	Vendor	Start Version	End Version
Netbsd	Netbsd	3.0 (including)	3.0 (including)
Netbsd	Netbsd	3.99.15 (including)	3.99.15 (including)
Solaris	Sun	9.0 (including)	9.0 (including)
Solaris	Sun	10.0 (including)	10.0 (including)
Sunos	Sun	5.8 (including)	5.8 (including)
Xinit	Ubuntu	dapper	*
Xinit	Ubuntu	edgy	*
Xinit	Ubuntu	feisty	*
Xorg	Ubuntu	dapper	*
Xorg	Ubuntu	devel	*
Xorg	Ubuntu	edgy	*
Xorg	Ubuntu	feisty	*

References

http://secunia.com/advisories/22323
http://secunia.com/advisories/22439
http://secunia.com/advisories/22469
http://secunia.com/advisories/22992
http://securitytracker.com/id?1017015
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804
http://www.securityfocus.com/bid/20400
http://www.ubuntu.com/usn/usn-364-1
http://www.vupen.com/english/advisories/2006/3962
https://bugs.freedesktop.org/show_bug.cgi?id=5897
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1760
http://secunia.com/advisories/22323
http://secunia.com/advisories/22439
http://secunia.com/advisories/22469
http://secunia.com/advisories/22992
http://securitytracker.com/id?1017015
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804
http://www.securityfocus.com/bid/20400
http://www.ubuntu.com/usn/usn-364-1
http://www.vupen.com/english/advisories/2006/3962
https://bugs.freedesktop.org/show_bug.cgi?id=5897
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1760

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5214
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html