CVE-2006-2916
First published: Thu Jun 15 2006(Updated: )
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE aRts | =1.0 | |
| KDE aRts | =1.2 | |
| All of | ||
| Any of | ||
| KDE aRts | =1.0 | |
| KDE aRts | =1.2 | |
| Linux Kernel | >=2.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20060614-2.txt
- http://dot.kde.org/1150310128/
- http://www.securityfocus.com/bid/18429
- http://securitytracker.com/id?1016298
- http://secunia.com/advisories/20677
- http://www.osvdb.org/26506
- http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
- http://secunia.com/advisories/20827
- http://secunia.com/advisories/20786
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
- http://secunia.com/advisories/20868
- http://www.novell.com/linux/security/advisories/2006_38_security.html
- http://secunia.com/advisories/20899
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
- http://security.gentoo.org/glsa/glsa-200704-22.xml
- http://www.securityfocus.com/bid/23697
- http://secunia.com/advisories/25032
- http://secunia.com/advisories/25059
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
- http://www.vupen.com/english/advisories/2007/0409
- http://www.vupen.com/english/advisories/2006/2357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27221
- http://www.securityfocus.com/archive/1/437362/100/0/threaded
- agent/type
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/softwarecombine
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/kde
- product/arts
- canonical/kde arts
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- version/kde arts/1.0
- version/kde arts/1.2
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.0