Vulnerability Details CVE-2006-6131
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.7%
CVSS Severity
CVSS v2 Score 6.2
References
- http://secunia.com/advisories/22906
- http://securityreason.com/securityalert/1921
- http://securitytracker.com/id?1017239
- http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
- http://www.osvdb.org/30450
- http://www.securityfocus.com/archive/1/451832/100/200/threaded
- http://www.securityfocus.com/bid/21123
- http://www.vupen.com/english/advisories/2006/4539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30308
- http://secunia.com/advisories/22906
- http://securityreason.com/securityalert/1921
- http://securitytracker.com/id?1017239
- http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt
- http://www.osvdb.org/30450
- http://www.securityfocus.com/archive/1/451832/100/200/threaded
- http://www.securityfocus.com/bid/21123
- http://www.vupen.com/english/advisories/2006/4539
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30308
Products affected by CVE-2006-6131
-
cpe:2.3:a:kerio:webstar:*
-
cpe:2.3:a:kerio:webstar:4.0
-
cpe:2.3:a:kerio:webstar:5.1.2
-
cpe:2.3:a:kerio:webstar:5.1.3
-
cpe:2.3:a:kerio:webstar:5.2
-
cpe:2.3:a:kerio:webstar:5.2.1
-
cpe:2.3:a:kerio:webstar:5.2.2
-
cpe:2.3:a:kerio:webstar:5.2.3
-
cpe:2.3:a:kerio:webstar:5.2.4
-
cpe:2.3:a:kerio:webstar:5.3
-
cpe:2.3:a:kerio:webstar:5.3.1
-
cpe:2.3:a:kerio:webstar:5.3.2
-
cpe:2.3:a:kerio:webstar:5.3.3
-
cpe:2.3:a:kerio:webstar:5.3.4
-
cpe:2.3:a:kerio:webstar:5.4