Vulnerabilities > CVE-2006-4124 - Local Arbitrary File Creation vulnerability in Lesstif 0.93.94
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| id | EDB-ID:2144 |
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-16 |
| organization | Red Hat |
| statement | LessTif is shipped with Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited. |