Vulnerabilities > CVE-2006-5852 - Local Security vulnerability in Openbase

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

openbase-international-ltd

exploit available

NVD

Published: 2006-11-10

Updated: 2017-10-19

Summary

Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.

Vulnerable Configurations

Part	Description	Count
Application	Openbase_International_Ltd Openbase International LTD Openbase 7.0.15 Openbase International LTD Openbase 8.0.4 Openbase International LTD Openbase 9.1.5 Openbase International LTD Openbase 10.0	4

Exploit-Db

description	Xcode OpenBase <= 10.0.0 (unsafe system call) Local Root Exploit (OSX). CVE-2006-5852. Local exploit for osx platform
file	exploits/osx/local/2738.pl
id	EDB-ID:2738
last seen	2016-01-31
modified	2006-11-08
platform	osx
port
published	2006-11-08
reporter	Kevin Finisterre
source	https://www.exploit-db.com/download/2738/
title	Xcode OpenBase <= 10.0.0 unsafe system call Local Root Exploit OSX
type	local

Summary

Vulnerable Configurations

Exploit-Db

References