Launchpad.net

CVE 2006-5214

Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.

Related bugs and status

CVE-2006-5214 (Candidate) is related to these bugs:

Bug #335678: Failsafe X troubleshooting dialogs not translatable

		In	Importance	Status
335678	Failsafe X troubleshooting dialogs not translatable	xorg (Ubuntu)	Wishlist	Fix Released
335678	Failsafe X troubleshooting dialogs not translatable	xorg (Guadalinex)	High	Fix Released
335678	Failsafe X troubleshooting dialogs not translatable	Ubuntu Translations	High	Fix Released

Bug #340807: Rename /etc/X11/Xsession.d/60x11-localhost to match convention

		In	Importance	Status
340807	Rename /etc/X11/Xsession.d/60x11-localhost to match convention	xorg (Ubuntu)	High	Fix Released
340807	Rename /etc/X11/Xsession.d/60x11-localhost to match convention	xorg (Ubuntu Karmic)	High	Fix Released
340807	Rename /etc/X11/Xsession.d/60x11-localhost to match convention	xorg (Ubuntu Lucid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.netbsd.org/...
CONFIRM: https://bugs.freedeskt...
SUNALERT: 102652
BID: 20400
SECTRACK: 1017015
SECUNIA: 22323
SECUNIA: 22439
UBUNTU: USN-364-1
SECUNIA: 22469
CONFIRM: http://support.avaya.c...
SECUNIA: 22992
VUPEN: ADV-2006-3962
OVAL: oval:org.mitre.oval:de...