CVE-2006-2916

Sažetak

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Reference

http://dot.kde.org/1150310128/
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://secunia.com/advisories/20677
http://secunia.com/advisories/20786
http://secunia.com/advisories/20827
http://secunia.com/advisories/20868
http://secunia.com/advisories/20899
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://securitytracker.com/id?1016298
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
http://www.kde.org/info/security/advisory-20060614-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
http://www.novell.com/linux/security/advisories/2006_38_security.html
http://www.osvdb.org/26506
http://www.securityfocus.com/archive/1/437362/100/0/threaded
http://www.securityfocus.com/bid/18429
http://www.securityfocus.com/bid/23697
http://www.vupen.com/english/advisories/2006/2357
http://www.vupen.com/english/advisories/2007/0409
https://exchange.xforce.ibmcloud.com/vulnerabilities/27221

CVSS

Base:	6.0
Impact:	10.0
Exploitability:	1.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:H/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

21-01-2024 - 01:42

Objavljeno

15-06-2006 - 10:02