Vulnerability Details : CVE-2006-4447
X.Org and XFree86 (including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm) do not check the return values of setuid and seteuid calls when attempting to drop privileges. A local user who can make those calls fail, for example by exceeding a ulimit (on Linux, the per-user process limit RLIMIT_NPROC makes setuid() return -1 with errno EAGAIN), leaves the program running with its original privileges and may gain root.
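The bug class described above, shown as an added example (not code from X.Org, XFree86, or any of the listed packages): the unchecked privilege drop beside a checked one that also verifies the result. Function names, and the choice to pass the target uid/gid explicitly, are assumptions made for illustration; the same check applies to seteuid(), setreuid() and setresuid().

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable shape of the bug: the return values of setgid()/setuid() are
 * thrown away.  On Linux, setuid(target) fails with EAGAIN when the target
 * user already has RLIMIT_NPROC processes, so an attacker who fills their
 * own process quota and then runs the setuid-root program keeps it running
 * as root past this point.  Name and signature are illustrative. */
void drop_privs_unchecked(uid_t uid, gid_t gid)
{
    int rc;
    rc = setgid(gid);      /* result ignored */
    rc = setuid(uid);      /* result ignored: may still be root here */
    (void)rc;
}

/* Confirm that the process really runs as uid/gid and cannot regain root.
 * Returns 0 on success, -1 otherwise. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* If we are supposed to be unprivileged, regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hardened form: check each call, then verify the outcome.  Returns 0 on
 * success; on failure returns -1 with errno set, and the caller must abort
 * rather than continue with the privileges it still holds. */
int drop_privs_checked(uid_t uid, gid_t gid)
{
    /* Drop the group first: once the uid is unprivileged, setgid() would fail. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (verify_dropped(uid, gid) != 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Drop to the real uid/gid of the invoking user, as a setuid-root
     * program would before doing unprivileged work. */
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (drop_privs_checked(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u, root not recoverable\n",
           (unsigned)uid, (unsigned)gid);
    return 0;
}
```

Run as an ordinary user the program simply confirms its own identity; the interesting path is the error branch, which is the one the affected programs never took. Checking the return value is necessary but the verify step matters too: a partial drop (for example setgid() succeeding and setuid() failing) still leaves a root process.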
Products affected by CVE-2006-4447
- cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4447
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~37% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2006-4447
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
Vendor statements for CVE-2006-4447
- Red Hat (2006-09-12): Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue is not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555
References for CVE-2006-4447
- http://www.securityfocus.com/bid/19742
- http://security.gentoo.org/glsa/glsa-200608-25.xml — X.org and some X.org libraries: Local privilege escalations (GLSA 200608-25), Gentoo security [Patch; Vendor Advisory]
- http://lists.freedesktop.org/archives/xorg/2006-June/016146.html — R3XX lockup possible solution [Patch]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:160 — Mandriva
- http://security.gentoo.org/glsa/glsa-200704-22.xml — BEAST: Denial of service (GLSA 200704-22), Gentoo security
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html — ANNOUNCE: BEAST/BSE v0.7.1
- http://www.kb.cert.org/vuls/id/300368 — VU#300368: X.Org fails to check for setuid failure on Linux systems [US Government Resource]
- http://www.vupen.com/english/advisories/2007/0409
- http://www.vupen.com/english/advisories/2006/3409
- http://www.debian.org/security/2006/dsa-1193 — [SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities
- http://www.securityfocus.com/bid/23697