Vulnerability Details : CVE-2006-2916
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Products affected by CVE-2006-2916
- cpe:2.3:a:kde:arts:1.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:kde:arts:1.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2006-2916
- 0.15%: probability of exploitation activity in the next 30 days
- ~ 52%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2916
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:L/AC:H/Au:S/C:C/I:C/A:C | 1.5 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-01-21 |
CWE ids for CVE-2006-2916
- The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-2916
- Red Hat, 2006-08-16: Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4.
References for CVE-2006-2916
- http://www.kde.org/info/security/advisory-20060614-2.txt
  [Patch; Vendor Advisory]
- http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
  aRts: Privilege escalation (GLSA 200606-22) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/25059
  [Broken Link]
- http://www.novell.com/linux/security/advisories/2006_38_security.html
  [Broken Link]
- http://secunia.com/advisories/20677
  [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/25032
  [Broken Link]
- http://dot.kde.org/1150310128/
  Security Updates: Artswrapper and KDM | KDE.news [Not Applicable]
- http://www.vupen.com/english/advisories/2006/2357
  [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
  Advisories - Mandriva Linux [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200704-22.xml
  BEAST: Denial of service (GLSA 200704-22) — Gentoo security [Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27221
  aRts artswrapper setuid privilege escalation CVE-2006-2916 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/20899
  [Broken Link; Vendor Advisory]
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
  ANNOUNCE: BEAST/BSE v0.7.1 [Mailing List]
- http://securitytracker.com/id?1016298
  [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/20868
  [Broken Link; Vendor Advisory]
- http://www.securityfocus.com/bid/18429
  [Broken Link; Patch; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/20827
  [Broken Link; Vendor Advisory]
- http://www.securityfocus.com/archive/1/437362/100/0/threaded
  [Broken Link; Third Party Advisory; VDB Entry]
- http://www.osvdb.org/26506
  [Broken Link]
- http://www.vupen.com/english/advisories/2007/0409
  [Broken Link]
- http://secunia.com/advisories/20786
  [Broken Link; Vendor Advisory]
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
  The Slackware Linux Project: Slackware Security Advisories [Mailing List; Third Party Advisory]
- http://www.securityfocus.com/bid/23697
  [Broken Link; Third Party Advisory; VDB Entry]