CVE-2006-5327 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2006-5327?

CVE-2006-5327 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-5327?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Xcode, Openbase International Ltd Openbase.

Vulnerability Description

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Xcode	<= 2.2
Openbase International Ltd	Openbase	<= 10.0

References

FAQ

What is CVE-2006-5327?

CVE-2006-5327 is a vulnerability with a CVSS score of 7.2 (HIGH). Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modifie...

How severe is CVE-2006-5327?

CVE-2006-5327 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-5327?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Xcode, Openbase International Ltd Openbase.