Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2006-0745
HistoryMar 21, 2006 - 2:06 a.m.

CVE-2006-0745

2006-03-2102:06:00
redhat
web.nvd.nist.gov
74
x.org server
xorg-server
x11r6.9.0
x11r7.0
local users
arbitrary code
overwrite
cve-2006-0745
geteuid
nvd
security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

25.5%

JSON

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Affected configurations

Nvd
Node
x.orgx11r6Match6.9
OR
x.orgx11r7Match1.0
OR
x.orgx11r7Match1.0.1
Node
mandrakesoftmandrake_linuxMatch2006
OR
mandrakesoftmandrake_linuxMatch2006x86_64
OR
redhatfedora_coreMatchcore_5.0
OR
sunsolarisMatch10.0x86
OR
susesuse_linuxMatch10.0oss
VendorProductVersionCPE
x.orgx11r66.9cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*
x.orgx11r71.0cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
x.orgx11r71.0.1cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2006cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
mandrakesoftmandrake_linux2006cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*
redhatfedora_corecore_5.0cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
susesuse_linux10.0cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*

References

Related

ubuntucve 1
exploitdb 2
nessus 4
securityvulns 2
debiancve 1
openvas 2
prion 1
freebsd 1
nvd 1
cvelist 1
suse 1
cert 1
packetstorm 1
zdt 1
exploitpack 1
ubuntucve
ubuntucve
CVE-2006-0745
2006-03-21 00:00:00
exploitdb
exploitdb
X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation
2006-03-20 00:00:00
xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation
2018-11-30 00:00:00
nessus
nessus
FreeBSD : xorg-server -- privilege escalation (61534682-b8f4-11da-8e62-000e0c33c2dc)
2006-05-13 00:00:00
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:056)
2006-03-21 00:00:00
SUSE-SA:2006:016: xorg-x11-server
2006-03-23 00:00:00
securityvulns
securityvulns
Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
2006-03-21 00:00:00
[CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
2006-03-21 00:00:00
debiancve
debiancve
CVE-2006-0745
2006-03-21 02:06:00
openvas
openvas
FreeBSD Ports: xorg-server
2008-09-04 00:00:00
FreeBSD Ports: xorg-server
2008-09-04 00:00:00
prion
prion
Code injection
2006-03-21 02:06:00
freebsd
freebsd
xorg-server -- privilege escalation
2006-03-20 00:00:00
nvd
nvd
CVE-2006-0745
2006-03-21 02:06:00
cvelist
cvelist
CVE-2006-0745
2006-03-21 02:00:00
suse
suse
local privilege escalation in xorg-x11-server
2006-03-21 10:47:06
cert
cert
X.Org server fails to properly test for effective user ID
2006-08-16 00:00:00
packetstorm
packetstorm
xorg-x11-server modulepath Local Privilege Escalation
2018-12-01 00:00:00
zdt
zdt
xorg-x11-server < 1.20.3 - modulepath Local Privilege Escalation Exploit
2018-12-01 00:00:00
exploitpack
exploitpack
xorg-x11-server 1.20.3 - modulepath Local Privilege Escalation
2018-11-30 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

25.5%

JSON
Related for CVE-2006-0745
ubuntucve1exploitdb2nessus4securityvulns2debiancve1openvas2prion1freebsd1nvd1cvelist1suse1cert1packetstorm1zdt1exploitpack1