CVE-2006-4447

2006-08-3001:04:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

37.0%

JSON

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

OSVersionArchitecturePackageVersionFilename
Debian12alllibx11< 2:1.0.0-7libx11_2:1.0.0-7_all.deb
Debian11alllibx11< 2:1.0.0-7libx11_2:1.0.0-7_all.deb
Debian999alllibx11< 2:1.0.0-7libx11_2:1.0.0-7_all.deb
Debian13alllibx11< 2:1.0.0-7libx11_2:1.0.0-7_all.deb
Debian12allxdm< 1:1.0.5-1xdm_1:1.0.5-1_all.deb
Debian11allxdm< 1:1.0.5-1xdm_1:1.0.5-1_all.deb
Debian999allxdm< 1:1.0.5-1xdm_1:1.0.5-1_all.deb
Debian12allxorg-server< 1:1.0.2-9xorg-server_1:1.0.2-9_all.deb
Debian11allxorg-server< 1:1.0.2-9xorg-server_1:1.0.2-9_all.deb
Debian999allxorg-server< 1:1.0.2-9xorg-server_1:1.0.2-9_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libx11	< 2:1.0.0-7	libx11_2:1.0.0-7_all.deb
Debian	11	all	libx11	< 2:1.0.0-7	libx11_2:1.0.0-7_all.deb
Debian	999	all	libx11	< 2:1.0.0-7	libx11_2:1.0.0-7_all.deb
Debian	13	all	libx11	< 2:1.0.0-7	libx11_2:1.0.0-7_all.deb
Debian	12	all	xdm	< 1:1.0.5-1	xdm_1:1.0.5-1_all.deb
Debian	11	all	xdm	< 1:1.0.5-1	xdm_1:1.0.5-1_all.deb
Debian	999	all	xdm	< 1:1.0.5-1	xdm_1:1.0.5-1_all.deb
Debian	12	all	xorg-server	< 1:1.0.2-9	xorg-server_1:1.0.2-9_all.deb
Debian	11	all	xorg-server	< 1:1.0.2-9	xorg-server_1:1.0.2-9_all.deb
Debian	999	all	xorg-server	< 1:1.0.2-9	xorg-server_1:1.0.2-9_all.deb