Security Vulnerability in X Display Manager (xdm(1)) Xsession Script

oval:org.mitre.oval:def:2205

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files or read another user's Xsession errors file via a symlink attack on a /tmp/xses-$USER file.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 10
  • Sun Solaris 8
  • Sun Solaris 9
Class:
vulnerability
Reference(s):
  • CVE-2006-5215
Product(s):