7.8

CVE-2006-2916

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeArts Version1.0
   LinuxLinux Kernel Version >= 2.6.0
KdeArts Version1.2
   LinuxLinux Kernel Version >= 2.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.301
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6 1.5 10
AV:L/AC:H/Au:S/C:C/I:C/A:C
CWE-273 Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

http://secunia.com/advisories/20899
Vendor Advisory
Broken Link
http://www.novell.com/linux/security/advisories/2006_38_security.html
Broken Link
http://dot.kde.org/1150310128/
Not Applicable
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
Mailing List
http://secunia.com/advisories/20677
Vendor Advisory
Broken Link
http://secunia.com/advisories/20786
Vendor Advisory
Broken Link
http://secunia.com/advisories/20827
Vendor Advisory
Broken Link
http://secunia.com/advisories/20868
Vendor Advisory
Broken Link
http://secunia.com/advisories/25032
Broken Link
http://secunia.com/advisories/25059
Broken Link
http://security.gentoo.org/glsa/glsa-200704-22.xml
Third Party Advisory
http://securitytracker.com/id?1016298
Third Party Advisory
Broken Link
VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
Third Party Advisory
Mailing List
http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
Third Party Advisory
http://www.kde.org/info/security/advisory-20060614-2.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
Third Party Advisory
http://www.osvdb.org/26506
Broken Link
http://www.securityfocus.com/archive/1/437362/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/18429
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/23697
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2006/2357
Broken Link
http://www.vupen.com/english/advisories/2007/0409
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/27221
Third Party Advisory
VDB Entry