ID CVE-2006-0745
Summary X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
CVSS
Base: 7.2 (as of 19-10-2018 - 15:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-05-09T04:01:19.512-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
description X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
family unix
id oval:org.mitre.oval:def:1697
status accepted
submitted 2006-03-21T04:03:00.000-04:00
title X.Org Privilege Escalation Vulnerability in X11R6.9, X11R7.0
version 36
refmap via4
bid 17169
bugtraq
  • 20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
  • 20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
fedora FEDORA-2006-172
mandriva MDKSA-2006:056
osvdb
  • 24000
  • 24001
sectrack 1015793
secunia
  • 19256
  • 19307
  • 19311
  • 19316
  • 19676
sreason 606
sunalert 102252
suse SUSE-SA:2006:016
vupen
  • ADV-2006-1017
  • ADV-2006-1028
xf xorg-geteuid-privilege-escalation(25341)
Last major update 19-10-2018 - 15:46
Published 21-03-2006 - 02:06
Last modified 19-10-2018 - 15:46