CVE-2006-5327

N/A Unknown

Published: October 17, 2006 Modified: April 23, 2026

Description

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/22390

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/22474

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/27441

Source: cve@mitre.org

http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt

Source: cve@mitre.org

http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl

Source: cve@mitre.org

http://www.securityfocus.com/bid/20562

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1018872

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4058

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4059

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3665

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/29624

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22390

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/22474

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/27441

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20562

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1018872

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/4058

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/4059

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3665

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/29624

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Affected Vendors

apple openbase_international_ltd