ByteOS Network

NVD Vulnerability Details :

CVE-2006-4447

Deferred

Source-cve@mitre.org

Published At-30 Aug, 2006 | 01:04

Updated At-03 Apr, 2025 | 01:03

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

X.Org Foundation

>>emu-linux-x87-xlibs>>7.0_r1

cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*

X.Org Foundation

>>x11r6>>6.7.0

cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*

X.Org Foundation

>>x11r6>>6.8

cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*

X.Org Foundation

>>x11r6>>6.8.1

cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*

X.Org Foundation

>>x11r6>>6.8.2

cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*

X.Org Foundation

>>x11r7>>1.0

cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*

X.Org Foundation

>>x11r7>>1.0.1

cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*

X.Org Foundation

>>x11r7>>1.0.2

cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*

X.Org Foundation

>>xdm>>1.0.3

cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*

X.Org Foundation

>>xf86dga>>1.0.0

cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*

X.Org Foundation

>>xinit>>1.0.2_r5

cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*

X.Org Foundation

>>xload>>1.0.0

cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*

X.Org Foundation

>>xorg-server>>1.02_r5

cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*

X.Org Foundation

>>xterm>>214

cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2006-09-12T00:00:00

Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555

References

Hyperlink	Source	Resource
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html	cve@mitre.org	Patch
http://mail.gnome.org/archives/beast/2006-December/msg00025.html	cve@mitre.org	N/A
http://secunia.com/advisories/21650	cve@mitre.org	Patch Vendor Advisory
http://secunia.com/advisories/21660	cve@mitre.org	N/A
http://secunia.com/advisories/21693	cve@mitre.org	N/A
http://secunia.com/advisories/22332	cve@mitre.org	N/A
http://secunia.com/advisories/25032	cve@mitre.org	N/A
http://secunia.com/advisories/25059	cve@mitre.org	N/A
http://security.gentoo.org/glsa/glsa-200608-25.xml	cve@mitre.org	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200704-22.xml	cve@mitre.org	N/A
http://www.debian.org/security/2006/dsa-1193	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/300368	cve@mitre.org	US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160	cve@mitre.org	N/A
http://www.securityfocus.com/bid/19742	cve@mitre.org	N/A
http://www.securityfocus.com/bid/23697	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/3409	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2007/0409	cve@mitre.org	N/A
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html	af854a3a-2127-422b-91ae-364da2661108	Patch
http://mail.gnome.org/archives/beast/2006-December/msg00025.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21650	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://secunia.com/advisories/21660	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21693	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/22332	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/25032	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/25059	af854a3a-2127-422b-91ae-364da2661108	N/A
http://security.gentoo.org/glsa/glsa-200608-25.xml	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200704-22.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2006/dsa-1193	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/300368	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/19742	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/23697	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/3409	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2007/0409	af854a3a-2127-422b-91ae-364da2661108	N/A