CVE Reference: CVE-2006-0745
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-0745

Description:
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/25341

SUSE
  http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1

ST
  1015793

SREASON
  http://securityreason.com/securityalert/606

SAID
  Secunia Advisory: SA19311
  Secunia Advisory: SA19256
  Secunia Advisory: SA19307
  Secunia Advisory: SA19316
  Secunia Advisory: SA19676

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1697

OSVDB
  24000
  24001

MANDRIVA
  http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:056

FEDORA
  http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/428230/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/428183/100/0/threaded

BID
  17169
