製品・ソフトウェアに関する情報

JVN脆弱性詳細

Kerio WebSTAR の WSAdminServer における root 権限を取得される脆弱性

Title	Kerio WebSTAR の WSAdminServer における root 権限を取得される脆弱性
Summary	Kerio WebSTAR (4D WebSTAR Server Suite) の (1) WSAdminServer および (2) WSWebServer は、検索パスに関する処理に不備があるため、root 権限を取得される脆弱性が存在します。
Possible impacts	webstar 権限を伴うローカルユーザにより、カレントワーキングディレクトリ内の不正な形式の libucache.dylib ヘルパーライブラリを介して、root 権限を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 27, 2006, midnight
Registration Date	Sept. 25, 2012, 3:36 p.m.
Last Update	Sept. 25, 2012, 3:36 p.m.

Affected System

Kerio Technologies

webstar 5.4.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-6131	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6131
National Vulnerability Database (NVD)
2	CVE-2006-6131	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6131

ベンダー情報

No	Name	URL
Kerio Technologies
1	WebSTAR	http://www.kerio.com/webstar_home.html

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-6131

Summary	Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
Summary	Vulnerabilidad de ruta de búsqueda no confiable en (1) WSAdminServer y (2) WSWebServer en Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 y anteriores permite a atacantes remotos con privilegios webstar obtener privilegios de root mediante una librería de ayuda libucache.dylib maliciosa en el directorio de trabajo actual.
Publication Date	Nov. 28, 2006, 10:07 a.m.
Registration Date	Jan. 29, 2021, 3:50 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/22906	cve@mitre.org
2	http://securityreason.com/securityalert/1921	cve@mitre.org
3	http://securitytracker.com/id?1017239	cve@mitre.org
4	http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt	cve@mitre.org
5	http://www.osvdb.org/30450	cve@mitre.org
6	http://www.securityfocus.com/archive/1/451832/100/200/threaded	cve@mitre.org
7	http://www.securityfocus.com/bid/21123	cve@mitre.org
8	http://www.vupen.com/english/advisories/2006/4539	cve@mitre.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/30308	cve@mitre.org
10	http://secunia.com/advisories/22906	af854a3a-2127-422b-91ae-364da2661108
11	http://securityreason.com/securityalert/1921	af854a3a-2127-422b-91ae-364da2661108
12	http://securitytracker.com/id?1017239	af854a3a-2127-422b-91ae-364da2661108
13	http://www.digitalmunition.com/DMA%5B2006-1115a%5D.txt	af854a3a-2127-422b-91ae-364da2661108
14	http://www.osvdb.org/30450	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/archive/1/451832/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/21123	af854a3a-2127-422b-91ae-364da2661108
17	http://www.vupen.com/english/advisories/2006/4539	af854a3a-2127-422b-91ae-364da2661108
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/30308	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List