CVE-2006-0745

Severity

72%

Complexity

39%

Confidentiality

165%

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 18 years ago

2006-03-21 02:06:00

Last updated 6 years ago

2018-10-19 15:46:00

Affected Software

MandrakeSoft Mandrake Linux 2006.0

2006

References

19256

19307

19311

19316

19676

606

1015793

102252

http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm

MDKSA-2006:056

SUSE-SA:2006:016

24000

24001

FEDORA-2006-172

20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0

20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0

17169

Exploit, Patch

ADV-2006-1017

ADV-2006-1028

xorg-geteuid-privilege-escalation(25341)

oval:org.mitre.oval:def:1697

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.