Unrated severityNVD Advisory· Published Oct 17, 2006· Updated Apr 23, 2026

CVE-2006-5327

Description

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

Affected products

Apple Inc./Xcode
cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
Range: <=2.2
Openbase International Ltd/Openbase4 versions
cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*+ 3 more
- cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:openbase_international_ltd:openbase:*:*:mac_os_x:*:*:*:*:*range: <=10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22390nvdPatchVendor Advisory
secunia.com/advisories/22474nvdPatchVendor Advisory
www.securityfocus.com/bid/20562nvdExploit
lists.apple.com/archives/security-announce/2007/Oct/msg00001.htmlnvd
secunia.com/advisories/27441nvd
www.digitalmunition.com/DMA%5B2006-1016a%5D.txtnvd
www.digitalmunition.com/Xcode_OpenBase_pwn.plnvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2006/4058nvd
www.vupen.com/english/advisories/2006/4059nvd
www.vupen.com/english/advisories/2007/3665nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29624nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000