CVE-2006-2916
First published: Thu Jun 15 2006(Updated: )
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE aRts | =1.0 | |
| KDE aRts | =1.2 | |
| All of | ||
| Any of | ||
| KDE aRts | =1.0 | |
| KDE aRts | =1.2 | |
| Linux kernel | >=2.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20060614-2.txt
- http://dot.kde.org/1150310128/
- http://www.securityfocus.com/bid/18429
- http://securitytracker.com/id?1016298
- http://secunia.com/advisories/20677
- http://www.osvdb.org/26506
- http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
- http://secunia.com/advisories/20827
- http://secunia.com/advisories/20786
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
- http://secunia.com/advisories/20868
- http://www.novell.com/linux/security/advisories/2006_38_security.html
- http://secunia.com/advisories/20899
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
- http://security.gentoo.org/glsa/glsa-200704-22.xml
- http://www.securityfocus.com/bid/23697
- http://secunia.com/advisories/25032
- http://secunia.com/advisories/25059
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
- http://www.vupen.com/english/advisories/2007/0409
- http://www.vupen.com/english/advisories/2006/2357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27221
- http://www.securityfocus.com/archive/1/437362/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-2916?
CVE-2006-2916 is considered a high severity vulnerability due to its potential to allow local users to gain root privileges.
How do I fix CVE-2006-2916?
To mitigate CVE-2006-2916, ensure that aRts is not setuid or upgrade to newer versions of KDE aRts that address this vulnerability.
Who is affected by CVE-2006-2916?
Users running KDE aRts version 1.0 or 1.2 on Linux kernels 2.6.0 or later are affected by CVE-2006-2916.
What does CVE-2006-2916 allow attackers to do?
CVE-2006-2916 allows local users to gain root privileges by exploiting the improper handling of the setuid system call.
What is the environment in which CVE-2006-2916 is exploited?
CVE-2006-2916 is specifically exploited in environments where aRts is configured to run with setuid root permissions on vulnerable Linux kernel versions.
- agent/type
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/softwarecombine
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/kde
- product/arts
- canonical/kde arts
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- version/kde arts/1.0
- version/kde arts/1.2
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.0