Vulnerability Description
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kerio | Webstar | <= 5.4.2 |
References
- http://secunia.com/advisories/22906ExploitVendor Advisory
- http://securityreason.com/securityalert/1921
- http://securitytracker.com/id?1017239Exploit
- http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
- http://www.osvdb.org/30450Exploit
- http://www.securityfocus.com/archive/1/451832/100/200/threaded
- http://www.securityfocus.com/bid/21123Exploit
- http://www.vupen.com/english/advisories/2006/4539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30308
- http://secunia.com/advisories/22906ExploitVendor Advisory
- http://securityreason.com/securityalert/1921
- http://securitytracker.com/id?1017239Exploit
- http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
- http://www.osvdb.org/30450Exploit
- http://www.securityfocus.com/archive/1/451832/100/200/threaded
FAQ
What is CVE-2006-6131?
CVE-2006-6131 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privil...
How severe is CVE-2006-6131?
CVE-2006-6131 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6131?
Check the references section above for vendor advisories and patch information. Affected products include: Kerio Webstar.