CVE-2006-2916 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2916
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2916

Description: artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27221 SUSE http://www.novell.com/linux/security/advisories/2006_38_security.html ST 1016298 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256 SAID Secunia Advisory: SA20827 Secunia Advisory: SA20677 Secunia Advisory: SA20786 Secunia Advisory: SA20868 Secunia Advisory: SA20899 Secunia Advisory: SA25032 Secunia Advisory: SA25059 OSVDB 26506 MLIST http://mail.gnome.org/archives/beast/2006-December/msg00025.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:107 GENTOO http://security.gentoo.org/glsa/glsa-200704-22.xml http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml CONFIRM http://dot.kde.org/1150310128/ http://www.kde.org/info/security/advisory-20060614-2.txt BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/437362/100/0/threaded BID 18429 23697

Return to the previous page.