Linux Distros Unpatched Vulnerability : CVE-2006-4447

🗓️ 24 Aug 2025 00:00:00Reported by TenableType

X.Org and XFree86 may fail to drop privileges, enabling local privilege escalation (CVE-2006-4447).

Reporter	Title	Published	Views	Family All 23
CVE	CVE-2006-4447	30 Aug 200601:00	–	cve
Cvelist	CVE-2006-4447	30 Aug 200601:00	–	cvelist
Debian	[SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities	9 Oct 200616:58	–	debian
Debian CVE	CVE-2006-4447	30 Aug 200601:00	–	debiancve
Tenable Nessus	Debian DSA-1193-1 : xfree86 - several vulnerabilities	14 Oct 200600:00	–	nessus
Tenable Nessus	GLSA-200608-25 : X.org and some X.org libraries: Local privilege escalations	30 Aug 200600:00	–	nessus
Tenable Nessus	GLSA-200704-22 : BEAST: Denial of Service	30 Apr 200700:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:160)	16 Dec 200600:00	–	nessus
EUVD	EUVD-2006-4435	7 Oct 202500:30	–	euvd
Gentoo Linux	X.org and some X.org libraries: Local privilege escalations	28 Aug 200600:00	–	gentoo

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2006-4447
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(254125);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/28");

  script_cve_id("CVE-2006-4447");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2006-4447");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the
    return values for setuid and seteuid calls when attempting to drop privileges, which might allow local
    users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. (CVE-2006-4447)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-4447");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-4447");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xterm");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Debian Linux-14");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "xterm"}
        ]
      }
    ]
  },
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "xterm"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "xterm"}
        ]
      }
    ]
  },
  "Debian Linux-14": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14",
        "pkgs": [
          {"reference": "xterm"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

28 Apr 2026 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 27.2

EPSS0.00132