CVE-2006-4447

2006-08-3001:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4447

x.org

xfree86

libx11

xdm

xf86dga

xinit

xload

xtrans

xterm

privilege escalation

ulimit

nvd

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.1%

JSON

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

CPENameOperatorVersion
x.org:x11r6x.org x11r6eq6.8.1
x.org:x11r7x.org x11r7eq1.0.2
x.org:xinitx.org xiniteq1.0.2_r5
x.org:x11r7x.org x11r7eq1.0
x.org:xloadx.org xloadeq1.0.0
x.org:xtermx.org xtermeq214
x.org:x11r6x.org x11r6eq6.7.0
x.org:x11r7x.org x11r7eq1.0.1
x.org:x11r6x.org x11r6eq6.8.2
x.org:xdmx.org xdmeq1.0.3

CPE	Name	Operator	Version
x.org:x11r6	x.org x11r6	eq	6.8.1
x.org:x11r7	x.org x11r7	eq	1.0.2
x.org:xinit	x.org xinit	eq	1.0.2_r5
x.org:x11r7	x.org x11r7	eq	1.0
x.org:xload	x.org xload	eq	1.0.0
x.org:xterm	x.org xterm	eq	214
x.org:x11r6	x.org x11r6	eq	6.7.0
x.org:x11r7	x.org x11r7	eq	1.0.1
x.org:x11r6	x.org x11r6	eq	6.8.2
x.org:xdm	x.org xdm	eq	1.0.3