Lucene search

PRIOn knowledge basePRION:CVE-2006-2916

HistoryJun 15, 2006 - 10:02 a.m.

Design/Logic Flaw

2006-06-1510:02:00

PRIOn knowledge base

www.prio-n.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

23.1%

JSON

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

CPENameOperatorVersion
artseq1.0
artseq1.2

CPE	Name	Operator	Version
	arts	eq	1.0
	arts	eq	1.2

References

dot.kde.org/1150310128/

mail.gnome.org/archives/beast/2006-December/msg00025.html

secunia.com/advisories/20677

secunia.com/advisories/20786

secunia.com/advisories/20827

secunia.com/advisories/20868

secunia.com/advisories/20899

secunia.com/advisories/25032

secunia.com/advisories/25059

security.gentoo.org/glsa/glsa-200704-22.xml

securitytracker.com/id?1016298

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256

www.gentoo.org/security/en/glsa/glsa-200606-22.xml

www.kde.org/info/security/advisory-20060614-2.txt

www.mandriva.com/security/advisories?name=MDKSA-2006:107

www.novell.com/linux/security/advisories/2006_38_security.html

www.osvdb.org/26506

www.securityfocus.com/archive/1/437362/100/0/threaded

www.securityfocus.com/bid/18429

www.securityfocus.com/bid/23697

www.vupen.com/english/advisories/2006/2357

www.vupen.com/english/advisories/2007/0409

exchange.xforce.ibmcloud.com/vulnerabilities/27221

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

23.1%

JSON

Related for PRION:CVE-2006-2916