Privilege Escalation Vulnerability in aRts by KDE
CVE-2006-2916

7.8HIGH

Key Information:

Vendor

Kde

Status
Arts
Vendor
CVE Published:
15 June 2006

What is CVE-2006-2916?

The aRts audio rendering system in KDE has a vulnerability where the artswrapper component, when executed with setuid root on Linux 2.6.0 or later, fails to properly check the return value of the setuid function. This oversight may allow local users to bypass security measures, enabling them to escalate their privileges and gain unauthorized access to system resources. As a result, the artsd process may not drop privileges as intended, posing a significant risk to system security.

References

http://www.vupen.com/english/advisories/2006/2357
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/20899
third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/26506
vdb-entryx_refsource_OSVDB

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.