Unrated severityNVD Advisory· Published Oct 17, 2006· Updated Jun 16, 2026
CVE-2006-5327
CVE-2006-5327
Description
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
Affected products
7cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*range: <=2.2
- (no CPE)range: <=2.2
cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*+ 3 more
- cpe:2.3:a:openbase_international_ltd:openbase:7.0.15:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:openbase_international_ltd:openbase:8.0.4:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:openbase_international_ltd:openbase:9.1.5:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:openbase_international_ltd:openbase:*:*:mac_os_x:*:*:*:*:*range: <=10.0
- Range: <=10.0
Patches
Vulnerability mechanics
References
12- secunia.com/advisories/22390nvdPatchVendor Advisory
- secunia.com/advisories/22474nvdPatchVendor Advisory
- www.securityfocus.com/bid/20562nvdExploit
- lists.apple.com/archives/security-announce/2007/Oct/msg00001.htmlnvd
- secunia.com/advisories/27441nvd
- www.digitalmunition.com/DMA%5B2006-1016a%5D.txtnvd
- www.digitalmunition.com/Xcode_OpenBase_pwn.plnvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2006/4058nvd
- www.vupen.com/english/advisories/2006/4059nvd
- www.vupen.com/english/advisories/2007/3665nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/29624nvd
News mentions
0No linked articles in our index yet.