Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2006-2916

Опубликовано: 21 янв. 2024
Источник: redhat
CVSS3: 6.7
EPSS Низкий

Описание

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

A vulnerability was found in artswrapper in aRts. When running a setuid root, it does not check the return value of the setuid function call. This flaw allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Отчет

Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6artsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-273
https://bugzilla.redhat.com/show_bug.cgi?id=2259536arts: does not check the return value of the setuid which prevents artsd from dropping privileges

EPSS

Процентиль: 36%
0.00145
Низкий

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2006-2916

CVSS3: 7.8
ubuntu
около 19 лет назад

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

nvd логотип

CVE-2006-2916

CVSS3: 7.8
nvd
около 19 лет назад

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

debian логотип

CVE-2006-2916

CVSS3: 7.8
debian
около 19 лет назад

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...

github логотип

GHSA-4532-mwp5-jccg

CVSS3: 7.8
github
больше 3 лет назад

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

fstec логотип

BDU:2015-09515

fstec
около 19 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 36%
0.00145
Низкий

6.7 Medium

CVSS3