| ID |
CVE-2006-4447
|
| Summary |
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*
-
cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.2 (as of 08-03-2011 - 02:40) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | | | cert-vn | VU#300368 | | debian | DSA-1193 | | gentoo | - GLSA-200608-25
- GLSA-200704-22
| | mandriva | MDKSA-2006:160 | | mlist | - [beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1
- [xorg] 20060620 X.Org security advisory: setuid return value check problems
| | secunia | - 21650
- 21660
- 21693
- 22332
- 25032
- 25059
| | vupen | - ADV-2006-3409
- ADV-2007-0409
|
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2006-09-12 | | organization | Red Hat | | statement | Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555 |
|
| Last major update |
08-03-2011 - 02:40 |
| Published |
30-08-2006 - 01:04 |
| Last modified |
08-03-2011 - 02:40 |
