Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2916

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Published

2006-06-15T10:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

1.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-273

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kde	arts	1.0	Yes
Application	kde	arts	1.2	Yes
Operating System	linux	linux_kernel	≥ 2.6.0	No

References

http://dot.kde.org/1150310128/ Not Applicable ([email protected])
http://mail.gnome.org/archives/beast/2006-December/msg00025.html Mailing List ([email protected])
http://secunia.com/advisories/20677 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/20786 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/20827 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/20868 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/20899 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/25032 Broken Link ([email protected])
http://secunia.com/advisories/25059 Broken Link ([email protected])
http://security.gentoo.org/glsa/glsa-200704-22.xml Third Party Advisory ([email protected])
http://securitytracker.com/id?1016298 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256 Mailing List, Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml Third Party Advisory ([email protected])
http://www.kde.org/info/security/advisory-20060614-2.txt Patch, Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:107 Third Party Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2006_38_security.html Broken Link ([email protected])
http://www.osvdb.org/26506 Broken Link ([email protected])
http://www.securityfocus.com/archive/1/437362/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/18429 Broken Link, Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/23697 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2006/2357 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2007/0409 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/27221 Third Party Advisory, VDB Entry ([email protected])
http://dot.kde.org/1150310128/ Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://mail.gnome.org/archives/beast/2006-December/msg00025.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20677 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20786 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20827 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20868 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20899 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25032 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25059 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200704-22.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016298 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kde.org/info/security/advisory-20060614-2.txt Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:107 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_38_security.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/26506 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/437362/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/18429 Broken Link, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/23697 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2357 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0409 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27221 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)