CVE-2006-6131 - OpenCVE

Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Kerio	Webstar

Configuration 1 [-]

OR	cpe:2.3:a:kerio:webstar::::::::
	cpe:2.3:a:kerio:webstar:4.0:::::::*
	cpe:2.3:a:kerio:webstar:5.1.2:::::::*
	cpe:2.3:a:kerio:webstar:5.1.3:::::::*
	cpe:2.3:a:kerio:webstar:5.2:::::::*
	cpe:2.3:a:kerio:webstar:5.2.1:::::::*
	cpe:2.3:a:kerio:webstar:5.2.2:::::::*
	cpe:2.3:a:kerio:webstar:5.2.3:::::::*
	cpe:2.3:a:kerio:webstar:5.2.4:::::::*
	cpe:2.3:a:kerio:webstar:5.3:::::::*
	cpe:2.3:a:kerio:webstar:5.3.1:::::::*
	cpe:2.3:a:kerio:webstar:5.3.2:::::::*
	cpe:2.3:a:kerio:webstar:5.3.3:::::::*
	cpe:2.3:a:kerio:webstar:5.3.4:::::::*
	cpe:2.3:a:kerio:webstar:5.4:::::::*

References

Link	Resource
http://secunia.com/advisories/22906	Exploit Vendor Advisory
http://securityreason.com/securityalert/1921
http://securitytracker.com/id?1017239	Exploit
http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
http://www.osvdb.org/30450	Exploit
http://www.securityfocus.com/archive/1/451832/100/200/threaded
http://www.securityfocus.com/bid/21123	Exploit
http://www.vupen.com/english/advisories/2006/4539
https://exchange.xforce.ibmcloud.com/vulnerabilities/30308

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-28T01:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-11-27T00:00:00

Link: CVE-2006-6131

JSON object: View

NVD Information

Status : Modified

Published: 2006-11-28T01:07:00.000

Modified: 2023-11-07T01:59:48.313

Link: CVE-2006-6131

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21123", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21123"}, {"name": "1017239", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017239"}, {"name": "kerio-webstar-privilege-escalation(30308)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"}, {"name": "20061116 Kerio WebSTAR local privilege escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"name": "30450", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30450"}, {"name": "1921", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1921"}, {"name": "ADV-2006-4539", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"name": "22906", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22906"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21123"}, {"name": "1017239", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017239"}, {"name": "kerio-webstar-privilege-escalation(30308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}, {"name": "http://www.digitalmunition.com/DMA[2006-1115a].txt", "refsource": "MISC", "url": "http://www.digitalmunition.com/DMA[2006-1115a].txt"}, {"name": "20061116 Kerio WebSTAR local privilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"name": "30450", "refsource": "OSVDB", "url": "http://www.osvdb.org/30450"}, {"name": "1921", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1921"}, {"name": "ADV-2006-4539", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"name": "22906", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22906"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6131", "datePublished": "2006-11-28T01:00:00", "dateReserved": "2006-11-27T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kerio:webstar:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7F28702-84B0-42A3-A244-53F3D94F6BC3", "versionEndIncluding": "5.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C1D166E-75B3-4EB3-98AF-6833ABD5B8E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2E97519-73F0-4458-BB7B-DA586822D3AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "972BFD94-E0AE-4FC3-939B-92755E1DFEF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "40545A77-1C92-4794-99B9-F702092A3119", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02B475F7-CA40-4253-A035-43CFAF3CAA5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "04E6E05E-3917-4BCA-8EFC-478BC6D47140", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "977ACE5E-7B5E-4BB2-9E0D-4B1207767A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F99FFA5-A88D-480D-BCB6-C7FA240758E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "60FB0855-0483-491C-AECC-B72E3C7349F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F405A681-5451-455E-AC82-4CA6BB023684", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F592F600-295A-4F0F-A5BB-02ED95FA95F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "84F7E9C9-4FFC-45B3-B031-385769F008BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F0963F3-EA87-4337-90C2-4DFA80B79D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:webstar:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5E33D19-BA94-4444-8C9F-43F92147F782", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en (1) WSAdminServer y (2) WSWebServer en Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 y anteriores permite a atacantes remotos con privilegios webstar obtener privilegios de root mediante una librer\u00eda de ayuda libucache.dylib maliciosa en el directorio de trabajo actual."}], "evaluatorSolution": "Successful exploitation requires that the attacker is part of the \"admin\" group or the \"webstar\" user.", "id": "CVE-2006-6131", "lastModified": "2023-11-07T01:59:48.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-28T01:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/22906"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1921"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1017239"}, {"source": "cve@mitre.org", "url": "http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/30450"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451832/100/200/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21123"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4539"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30308"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}