CVE-2006-5327

CVE Database · CVE-2006-5327

CVE-2006-5327

· N/AModified

CVSS v3.1

N/A

EPSS

0.57%

Published

Oct 17, 2006

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

Affected Products (5)

apple · xcodevulnerable

openbase_international_ltd · openbasevulnerable

References (20)

http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html

http://secunia.com/advisories/22390

PatchVendor Advisory

http://secunia.com/advisories/22474

PatchVendor Advisory

http://secunia.com/advisories/27441

http://www.digitalmunition.com/DMA%5B2006-1016a%5D.txt

http://www.digitalmunition.com/Xcode_OpenBase_pwn.pl

http://www.securityfocus.com/bid/20562

Exploit

http://www.securitytracker.com/id?1018872

http://www.vupen.com/english/advisories/2006/4058

KEV Catalog EPSS Scores Vendors All CVEs