CVE-2006-6131 - OpenCVE

Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kerio	Webstar

Configuration 1 [-]

OR	cpe:2.3:a:kerio:webstar::::::::
	cpe:2.3:a:kerio:webstar:4.0:::::::*
	cpe:2.3:a:kerio:webstar:5.1.2:::::::*
	cpe:2.3:a:kerio:webstar:5.1.3:::::::*
	cpe:2.3:a:kerio:webstar:5.2:::::::*
	cpe:2.3:a:kerio:webstar:5.2.1:::::::*
	cpe:2.3:a:kerio:webstar:5.2.2:::::::*
	cpe:2.3:a:kerio:webstar:5.2.3:::::::*
	cpe:2.3:a:kerio:webstar:5.2.4:::::::*
	cpe:2.3:a:kerio:webstar:5.3:::::::*
	cpe:2.3:a:kerio:webstar:5.3.1:::::::*
	cpe:2.3:a:kerio:webstar:5.3.2:::::::*
	cpe:2.3:a:kerio:webstar:5.3.3:::::::*
	cpe:2.3:a:kerio:webstar:5.3.4:::::::*
	cpe:2.3:a:kerio:webstar:5.4:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/22906
http://securityreason.com/securityalert/1921
http://securitytracker.com/id?1017239
http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
http://www.osvdb.org/30450
http://www.securityfocus.com/archive/1/451832/100/200/threaded
http://www.securityfocus.com/bid/21123
http://www.vupen.com/english/advisories/2006/4539
https://exchange.xforce.ibmcloud.com/vulnerabilities/30308

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-28T01:00:00

Updated: 2024-08-07T20:19:33.955Z

Reserved: 2006-11-27T00:00:00

Link: CVE-2006-6131

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-28T01:07:00.000

Modified: 2023-11-07T01:59:48.313

Link: CVE-2006-6131

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21123", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21123"}, {"name": "1017239", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017239"}, {"name": "kerio-webstar-privilege-escalation(30308)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"}, {"name": "20061116 Kerio WebSTAR local privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"name": "30450", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30450"}, {"name": "1921", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1921"}, {"name": "ADV-2006-4539", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"name": "22906", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22906"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21123"}, {"name": "1017239", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017239"}, {"name": "kerio-webstar-privilege-escalation(30308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}, {"name": "http://www.digitalmunition.com/DMA[2006-1115a].txt", "refsource": "MISC", "url": "http://www.digitalmunition.com/DMA[2006-1115a].txt"}, {"name": "20061116 Kerio WebSTAR local privilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"name": "30450", "refsource": "OSVDB", "url": "http://www.osvdb.org/30450"}, {"name": "1921", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1921"}, {"name": "ADV-2006-4539", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"name": "22906", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22906"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:33.955Z"}, "title": "CVE Program Container", "references": [{"name": "21123", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21123"}, {"name": "1017239", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017239"}, {"name": "kerio-webstar-privilege-escalation(30308)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"}, {"name": "20061116 Kerio WebSTAR local privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"name": "30450", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30450"}, {"name": "1921", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1921"}, {"name": "ADV-2006-4539", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"name": "22906", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22906"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6131", "datePublished": "2006-11-28T01:00:00", "dateReserved": "2006-11-27T00:00:00", "dateUpdated": "2024-08-07T20:19:33.955Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kerio:webstar:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7F28702-84B0-42A3-A244-53F3D94F6BC3", "versionEndIncluding": "5.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C1D166E-75B3-4EB3-98AF-6833ABD5B8E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2E97519-73F0-4458-BB7B-DA586822D3AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "972BFD94-E0AE-4FC3-939B-92755E1DFEF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "40545A77-1C92-4794-99B9-F702092A3119", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02B475F7-CA40-4253-A035-43CFAF3CAA5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "04E6E05E-3917-4BCA-8EFC-478BC6D47140", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "977ACE5E-7B5E-4BB2-9E0D-4B1207767A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F99FFA5-A88D-480D-BCB6-C7FA240758E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "60FB0855-0483-491C-AECC-B72E3C7349F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F405A681-5451-455E-AC82-4CA6BB023684", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F592F600-295A-4F0F-A5BB-02ED95FA95F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "84F7E9C9-4FFC-45B3-B031-385769F008BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F0963F3-EA87-4337-90C2-4DFA80B79D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5E33D19-BA94-4444-8C9F-43F92147F782", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en (1) WSAdminServer y (2) WSWebServer en Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 y anteriores permite a atacantes remotos con privilegios webstar obtener privilegios de root mediante una librer\u00eda de ayuda libucache.dylib maliciosa en el directorio de trabajo actual."}], "evaluatorSolution": "Successful exploitation requires that the attacker is part of the \"admin\" group or the \"webstar\" user.", "id": "CVE-2006-6131", "lastModified": "2023-11-07T01:59:48.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-28T01:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/22906"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1921"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1017239"}, {"source": "cve@mitre.org", "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/30450"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21123"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}