CVE-2006-4447
Published: Aug 30, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values of setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 21660 | third-party-advisory | x_refsource_SECUNIA |
| MDKSA-2006:160 | vendor-advisory | x_refsource_MANDRIVA |
| [xorg] 20060620 X.Org security advisory: setuid return value check problems | mailing-list | x_refsource_MLIST |
| VU#300368 | third-party-advisory | x_refsource_CERT-VN |
| ADV-2006-3409 | vdb-entry | x_refsource_VUPEN |
| 21693 | third-party-advisory | x_refsource_SECUNIA |
| DSA-1193 | vendor-advisory | x_refsource_DEBIAN |
| GLSA-200704-22 | vendor-advisory | x_refsource_GENTOO |
| 22332 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2007-0409 | vdb-entry | x_refsource_VUPEN |
| GLSA-200608-25 | vendor-advisory | x_refsource_GENTOO |
| 23697 | vdb-entry | x_refsource_BID |
| 25059 | third-party-advisory | x_refsource_SECUNIA |
| 25032 | third-party-advisory | x_refsource_SECUNIA |
| [beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1 | mailing-list | x_refsource_MLIST |
| 19742 | vdb-entry | x_refsource_BID |
| 21650 | third-party-advisory | x_refsource_SECUNIA |