Back to search
CVE-2006-2916
Published: Jun 15, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-2357
vdb-entry
x_refsource_VUPEN
20899
third-party-advisory
x_refsource_SECUNIA
26506
vdb-entry
x_refsource_OSVDB
MDKSA-2006:107
vendor-advisory
x_refsource_MANDRIVA
1016298
vdb-entry
x_refsource_SECTRACK
GLSA-200606-22
vendor-advisory
x_refsource_GENTOO
20868
third-party-advisory
x_refsource_SECUNIA
20060615 rPSA-2006-0105-1 arts
mailing-list
x_refsource_BUGTRAQ
20786
third-party-advisory
x_refsource_SECUNIA
GLSA-200704-22
vendor-advisory
x_refsource_GENTOO
ADV-2007-0409
vdb-entry
x_refsource_VUPEN
20677
third-party-advisory
x_refsource_SECUNIA
23697
vdb-entry
x_refsource_BID
25059
third-party-advisory
x_refsource_SECUNIA
arts-artwrapper-privilege-escalation(27221)
vdb-entry
x_refsource_XF
20827
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2006:015
vendor-advisory
x_refsource_SUSE
25032
third-party-advisory
x_refsource_SECUNIA
http://www.kde.org/info/security/advisory-20060614-2.txt
x_refsource_CONFIRM
[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1
mailing-list
x_refsource_MLIST
http://dot.kde.org/1150310128/
x_refsource_CONFIRM
18429
vdb-entry
x_refsource_BID
SSA:2006-178-03
vendor-advisory
x_refsource_SLACKWARE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now