7.8
CVE-2006-2916
- EPSS 0.39%
- Veröffentlicht 15.06.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:26:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.301 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 1.5 | 10 |
AV:L/AC:H/Au:S/C:C/I:C/A:C
|
CWE-273 Improper Check for Dropped Privileges
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
http://secunia.com/advisories/20899
http://www.novell.com/linux/security/advisories/2006_38_security.html
http://dot.kde.org/1150310128/
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://secunia.com/advisories/20677
http://secunia.com/advisories/20786
http://secunia.com/advisories/20827
http://secunia.com/advisories/20868
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://securitytracker.com/id?1016298
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
http://www.kde.org/info/security/advisory-20060614-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
http://www.osvdb.org/26506
http://www.securityfocus.com/archive/1/437362/100/0/threaded
http://www.securityfocus.com/bid/18429
http://www.securityfocus.com/bid/23697
http://www.vupen.com/english/advisories/2006/2357
http://www.vupen.com/english/advisories/2007/0409
https://exchange.xforce.ibmcloud.com/vulnerabilities/27221