Search
Find a vulnerability
Search criteria
2 vulnerabilities found for xinit by x.org
CVE-2006-4447 (GCVE-0-2006-4447)
Vulnerability from nvd – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
VLAI
Summary
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2006-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21660"
},
{
"name": "MDKSA-2006:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
},
{
"name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
},
{
"name": "VU#300368",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/300368"
},
{
"name": "ADV-2006-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3409"
},
{
"name": "21693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21693"
},
{
"name": "DSA-1193",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "GLSA-200704-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
},
{
"name": "22332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22332"
},
{
"name": "ADV-2007-0409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0409"
},
{
"name": "GLSA-200608-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
},
{
"name": "23697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23697"
},
{
"name": "25059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25059"
},
{
"name": "25032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-07T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21660"
},
{
"name": "MDKSA-2006:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
},
{
"name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
},
{
"name": "VU#300368",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/300368"
},
{
"name": "ADV-2006-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3409"
},
{
"name": "21693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21693"
},
{
"name": "DSA-1193",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "GLSA-200704-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
},
{
"name": "22332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22332"
},
{
"name": "ADV-2007-0409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0409"
},
{
"name": "GLSA-200608-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
},
{
"name": "23697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23697"
},
{
"name": "25059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25059"
},
{
"name": "25032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21650"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21660"
},
{
"name": "MDKSA-2006:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
},
{
"name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
},
{
"name": "VU#300368",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/300368"
},
{
"name": "ADV-2006-3409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3409"
},
{
"name": "21693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21693"
},
{
"name": "DSA-1193",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "GLSA-200704-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
},
{
"name": "22332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22332"
},
{
"name": "ADV-2007-0409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0409"
},
{
"name": "GLSA-200608-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
},
{
"name": "23697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23697"
},
{
"name": "25059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25059"
},
{
"name": "25032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21650"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4447",
"datePublished": "2006-08-30T01:00:00.000Z",
"dateReserved": "2006-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4447 (GCVE-0-2006-4447)
Vulnerability from cvelistv5 – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
VLAI
Summary
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2006-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21660"
},
{
"name": "MDKSA-2006:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
},
{
"name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
},
{
"name": "VU#300368",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/300368"
},
{
"name": "ADV-2006-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3409"
},
{
"name": "21693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21693"
},
{
"name": "DSA-1193",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "GLSA-200704-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
},
{
"name": "22332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22332"
},
{
"name": "ADV-2007-0409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0409"
},
{
"name": "GLSA-200608-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
},
{
"name": "23697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23697"
},
{
"name": "25059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25059"
},
{
"name": "25032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-07T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21660"
},
{
"name": "MDKSA-2006:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
},
{
"name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
},
{
"name": "VU#300368",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/300368"
},
{
"name": "ADV-2006-3409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3409"
},
{
"name": "21693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21693"
},
{
"name": "DSA-1193",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "GLSA-200704-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
},
{
"name": "22332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22332"
},
{
"name": "ADV-2007-0409",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0409"
},
{
"name": "GLSA-200608-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
},
{
"name": "23697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23697"
},
{
"name": "25059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25059"
},
{
"name": "25032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21650"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21660"
},
{
"name": "MDKSA-2006:160",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:160"
},
{
"name": "[xorg] 20060620 X.Org security advisory: setuid return value check problems",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/xorg/2006-June/016146.html"
},
{
"name": "VU#300368",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/300368"
},
{
"name": "ADV-2006-3409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3409"
},
{
"name": "21693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21693"
},
{
"name": "DSA-1193",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "GLSA-200704-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-22.xml"
},
{
"name": "22332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22332"
},
{
"name": "ADV-2007-0409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0409"
},
{
"name": "GLSA-200608-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-25.xml"
},
{
"name": "23697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23697"
},
{
"name": "25059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25059"
},
{
"name": "25032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25032"
},
{
"name": "[beast] 20061228 ANNOUNCE: BEAST/BSE v0.7.1",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/beast/2006-December/msg00025.html"
},
{
"name": "19742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19742"
},
{
"name": "21650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21650"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4447",
"datePublished": "2006-08-30T01:00:00.000Z",
"dateReserved": "2006-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}