CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
25.5%
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0
inadvertently treats the address of the geteuid function as if it is the
return value of a call to geteuid, which allows local users to bypass
intended restrictions and (1) execute arbitrary code via the -modulepath
command line option or (2) overwrite arbitrary files via -logfile.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | xorg-server | < 1.0.2-0ubuntu10.7 | UNKNOWN |
ubuntu | 6.10 | noarch | xorg-server | < 1.1.1-0ubuntu12.2 | UNKNOWN |
ubuntu | 7.04 | noarch | xorg-server | < 1.2.0-3ubuntu8 | UNKNOWN |