7.8

CVE-2006-2916

EPSS 0.15%
Veröffentlicht 15.06.2006 10:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 26

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kde ≫ Arts Version1.0

Linux ≫ Linux Kernel Version >= 2.6.0

Kde ≫ Arts Version1.2

Linux ≫ Linux Kernel Version >= 2.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.313

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	1.5	10	AV:L/AC:H/Au:S/C:C/I:C/A:C

CWE-273 Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

http://secunia.com/advisories/20899

Vendor Advisory

Broken Link

http://www.novell.com/linux/security/advisories/2006_38_security.html

Broken Link

http://dot.kde.org/1150310128/

Not Applicable

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

Mailing List

http://secunia.com/advisories/20677

Vendor Advisory

Broken Link

http://secunia.com/advisories/20786

Vendor Advisory

Broken Link

http://secunia.com/advisories/20827

Vendor Advisory

Broken Link

http://secunia.com/advisories/20868

Vendor Advisory

Broken Link

http://secunia.com/advisories/25032

Broken Link

http://secunia.com/advisories/25059

Broken Link

http://security.gentoo.org/glsa/glsa-200704-22.xml

Third Party Advisory

http://securitytracker.com/id?1016298

Third Party Advisory

Broken Link

VDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256

Third Party Advisory

Mailing List

http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml

Third Party Advisory

http://www.kde.org/info/security/advisory-20060614-2.txt

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:107

Third Party Advisory

http://www.osvdb.org/26506

Broken Link

http://www.securityfocus.com/archive/1/437362/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/18429

Patch

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/23697

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2006/2357

Broken Link

http://www.vupen.com/english/advisories/2007/0409

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/27221

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2006-2916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2916

EUVD