Lucene search

[email protected]NVD:CVE-2006-2916

HistoryJun 15, 2006 - 10:02 a.m.

CVE-2006-2916

2006-06-1510:02:00

CWE-273

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

25.3%

JSON

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Affected configurations

Nvd

Node

kdeartsMatch1.0

kdeartsMatch1.2

AND

linuxlinux_kernelRange2.6.0≥

VendorProductVersionCPE
kdearts1.0cpe:2.3:a:kde:arts:1.0:*:*:*:*:*:*:*
kdearts1.2cpe:2.3:a:kde:arts:1.2:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kde	arts	1.0	cpe:2.3:a:kde:arts:1.0:::::::*
kde	arts	1.2	cpe:2.3:a:kde:arts:1.2:::::::*
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

dot.kde.org/1150310128/

mail.gnome.org/archives/beast/2006-December/msg00025.html

secunia.com/advisories/20677

secunia.com/advisories/20786

secunia.com/advisories/20827

secunia.com/advisories/20868

secunia.com/advisories/20899

secunia.com/advisories/25032

secunia.com/advisories/25059

security.gentoo.org/glsa/glsa-200704-22.xml

securitytracker.com/id?1016298

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256

www.gentoo.org/security/en/glsa/glsa-200606-22.xml

www.kde.org/info/security/advisory-20060614-2.txt

www.mandriva.com/security/advisories?name=MDKSA-2006:107

www.novell.com/linux/security/advisories/2006_38_security.html

www.osvdb.org/26506

www.securityfocus.com/archive/1/437362/100/0/threaded

www.securityfocus.com/bid/18429

www.securityfocus.com/bid/23697

www.vupen.com/english/advisories/2006/2357

www.vupen.com/english/advisories/2007/0409

exchange.xforce.ibmcloud.com/vulnerabilities/27221

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

25.3%

JSON

Related for NVD:CVE-2006-2916

ubuntucve1 nessus6 gentoo2 cve1 openvas6 slackware1 cvelist1 redhatcve1 prion1 securityvulns1