Privilege Escalation in X.Org and XFree86 by Vendor X
CVE-2006-4447

Currently unrated

Key Information:

Vendor: X.org
Status: X11r6; X11r7; Xinit; Xload
Vendor: CVE Published:; 30 August 2006

What is CVE-2006-4447?

Local users can exploit the inadequacy in the handling of return values from setuid and seteuid system calls within X.Org and XFree86 components. This allows attackers to potentially escalate their privileges by triggering failures in these calls, particularly by manipulating system limits such as ulimit. This vulnerability affects various components including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, highlighting the importance of privilege management in Unix-based systems.

References

http://secunia.com/advisories/21660

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://lists.freedesktop.org/archives/xorg/2006-June/0161...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2006
Vulnerability Reserved
Aug 29, 2006

X.org

What is CVE-2006-4447?

References

Timeline