Vulnerability Description
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lesstif | Lesstif | <= 0.95.0 |
References
- http://karol.wiesek.pl/files/lesstif-advisory.pdf (Exploit, Vendor Advisory)
- http://secunia.com/advisories/21428 (Vendor Advisory)
- http://www.securityfocus.com/bid/19430 (Exploit)
- http://www.vupen.com/english/advisories/2006/3230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28298
- https://www.exploit-db.com/exploits/2144
FAQ
What is CVE-2006-4124?
CVE-2006-4124 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a set...
How severe is CVE-2006-4124?
CVE-2006-4124 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4124?
Check the references section above for vendor advisories and patch information. Affected products include: Lesstif Lesstif.