
CVE-2006-0745
Date: (C)2006-03-20   (M)2023-12-22


X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1015793
SUNALERT-102252
BID-17169
SECUNIA-19256
SECUNIA-19307
SECUNIA-19311
SECUNIA-19316
SECUNIA-19676
http://www.securityfocus.com/archive/1/428230/100/0/threaded
http://www.securityfocus.com/archive/1/428183/100/0/threaded
OSVDB-24000
OSVDB-24001
SREASON-606
ADV-2006-1017
ADV-2006-1028
FEDORA-2006-172
MDKSA-2006:056
SUSE-SA:2006:016
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
oval:org.mitre.oval:def:1697
xorg-geteuid-privilege-escalation(25341)

CPE    1
cpe:/o:mandrakesoft:mandrake_linux:2006

© SecPod Technologies