exploitDog

CVE-2006-5327

Опубликовано: 17 окт. 2006

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

Версия до 2.2 (включая)

cpe:2.3:a:openbase_international_ltd:openbase:*:*:mac_os_x:*:*:*:*:*

Версия до 10.0 (включая)

cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*

cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*

cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*

EPSS

Процентиль: 39%

0.00171

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-w3q8-f3hm-869w

github

почти 4 года назад

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

EPSS

Процентиль: 39%

0.00171

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other