CVE-2006-2916

high

Description

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27221

http://www.mandriva.com/security/advisories?name=MDKSA-2006:107

http://www.kde.org/info/security/advisory-20060614-2.txt

http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256

http://security.gentoo.org/glsa/glsa-200704-22.xml

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

http://dot.kde.org/1150310128/

Details

Source: Mitre, NVD

Published: 2006-06-15

Updated: 2024-01-21

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High