FKIE_CVE-2006-6131

Vulnerability from fkie_nvd - Published: 2006-11-28 01:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
References
cve@mitre.orghttp://secunia.com/advisories/22906Exploit, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/1921
cve@mitre.orghttp://securitytracker.com/id?1017239Exploit
cve@mitre.orghttp://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
cve@mitre.orghttp://www.osvdb.org/30450Exploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/451832/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/21123Exploit
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4539
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/30308
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22906Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1921
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017239Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/30450Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/451832/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21123Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4539
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/30308
Impacted products
Vendor Product Version
kerio webstar *
kerio webstar 4.0
kerio webstar 5.1.2
kerio webstar 5.1.3
kerio webstar 5.2
kerio webstar 5.2.1
kerio webstar 5.2.2
kerio webstar 5.2.3
kerio webstar 5.2.4
kerio webstar 5.3
kerio webstar 5.3.1
kerio webstar 5.3.2
kerio webstar 5.3.3
kerio webstar 5.3.4
kerio webstar 5.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kerio:webstar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7F28702-84B0-42A3-A244-53F3D94F6BC3",
              "versionEndIncluding": "5.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1D166E-75B3-4EB3-98AF-6833ABD5B8E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E97519-73F0-4458-BB7B-DA586822D3AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "972BFD94-E0AE-4FC3-939B-92755E1DFEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40545A77-1C92-4794-99B9-F702092A3119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B475F7-CA40-4253-A035-43CFAF3CAA5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E6E05E-3917-4BCA-8EFC-478BC6D47140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "977ACE5E-7B5E-4BB2-9E0D-4B1207767A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F99FFA5-A88D-480D-BCB6-C7FA240758E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60FB0855-0483-491C-AECC-B72E3C7349F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F405A681-5451-455E-AC82-4CA6BB023684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F592F600-295A-4F0F-A5BB-02ED95FA95F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F7E9C9-4FFC-45B3-B031-385769F008BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F0963F3-EA87-4337-90C2-4DFA80B79D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kerio:webstar:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E33D19-BA94-4444-8C9F-43F92147F782",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en (1) WSAdminServer y (2) WSWebServer en Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 y anteriores permite a atacantes remotos con privilegios webstar obtener privilegios de root mediante una librer\u00eda de ayuda libucache.dylib maliciosa en el directorio de trabajo actual."
    }
  ],
  "evaluatorSolution": "Successful exploitation requires that the attacker is part of the \"admin\" group or the \"webstar\" user.",
  "id": "CVE-2006-6131",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-28T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22906"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1921"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1017239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/30450"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21123"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4539"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1017239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/30450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.