7.8

CVE-2006-2916

EPSS 0.15%
Published 15.06.2006 10:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 26

Data is provided by the National Vulnerability Database (NVD)

Kde ≫ Arts Version1.0

Linux ≫ Linux Kernel Version >= 2.6.0

Kde ≫ Arts Version1.2

Linux ≫ Linux Kernel Version >= 2.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.313

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	1.5	10	AV:L/AC:H/Au:S/C:C/I:C/A:C

CWE-273 Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

http://secunia.com/advisories/20899

Vendor Advisory

Broken Link

http://www.novell.com/linux/security/advisories/2006_38_security.html

Broken Link

http://dot.kde.org/1150310128/

Not Applicable

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

Mailing List

http://secunia.com/advisories/20677

Vendor Advisory

Broken Link

http://secunia.com/advisories/20786

Vendor Advisory

Broken Link

http://secunia.com/advisories/20827

Vendor Advisory

Broken Link

http://secunia.com/advisories/20868

Vendor Advisory

Broken Link

http://secunia.com/advisories/25032

Broken Link

http://secunia.com/advisories/25059

Broken Link

http://security.gentoo.org/glsa/glsa-200704-22.xml

Third Party Advisory

http://securitytracker.com/id?1016298

Third Party Advisory

Broken Link

VDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256

Third Party Advisory

Mailing List

http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml

Third Party Advisory

http://www.kde.org/info/security/advisory-20060614-2.txt

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:107

Third Party Advisory

http://www.osvdb.org/26506

Broken Link

http://www.securityfocus.com/archive/1/437362/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/18429

Patch

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/23697

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2006/2357

Broken Link

http://www.vupen.com/english/advisories/2007/0409

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/27221

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2006-2916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2916

EUVD