Уязвимость CVE-2006-2916: Информация

Описание

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Важность: HIGH (7,8) Вектор: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2006-2916
Опубликовано: 15 июня 2006 г.
Изменено: 21 января 2024 г.
Идентификатор типа ошибки: CWE-273

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
http://www.kde.org/info/security/advisory-20060614-2.txt
  • Patch
  • Vendor Advisory
http://dot.kde.org/1150310128/
  • Not Applicable
18429
  • Broken Link
  • Patch
  • Third Party Advisory
  • VDB Entry
1016298
  • Broken Link
  • Third Party Advisory
  • VDB Entry
20677
  • Broken Link
  • Vendor Advisory
26506
  • Broken Link
GLSA-200606-22
  • Third Party Advisory
20827
  • Broken Link
  • Vendor Advisory
20786
  • Broken Link
  • Vendor Advisory
SSA:2006-178-03
  • Mailing List
  • Third Party Advisory
20868
  • Broken Link
  • Vendor Advisory
SUSE-SR:2006:015
  • Broken Link
20899
  • Broken Link
  • Vendor Advisory
[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1
  • Mailing List
GLSA-200704-22
  • Third Party Advisory
23697
  • Broken Link
  • Third Party Advisory
  • VDB Entry
25032
  • Broken Link
25059
  • Broken Link
MDKSA-2006:107
  • Third Party Advisory
ADV-2007-0409
  • Broken Link
ADV-2006-2357
  • Broken Link
arts-artwrapper-privilege-escalation(27221)
  • Third Party Advisory
  • VDB Entry
20060615 rPSA-2006-0105-1 arts
  • Broken Link
  • Third Party Advisory
  • VDB Entry

    1. Конфигурация 1

      cpe:2.3:a:kde:arts:1.0:*:*:*:*:*:*:*
      cpe:2.3:a:kde:arts:1.2:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.1
Наверх