Vulnerability Details : CVE-2006-4447
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
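The mechanism in the description, as an added example that is not X.Org, XFree86 or BEAST code: a privilege-drop routine in the unchecked shape the advisory describes, next to a checked one that fails closed and then verifies with getresuid() that the real, effective and saved uids all changed. The syscalls are reached through a small function table (an assumption of the example, not an X.Org interface) so that a failing setuid() can be simulated without running as root and without actually exhausting a process limit; the names `priv_ops`, `drop_privs_unchecked`, `drop_privs_checked`, `still_root_capable` and `sim_nproc_exceeded_ops` are chosen here.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototype in case the feature macro above was pre-empted by an
 * earlier include; it matches the glibc/musl declaration. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Indirection over the uid syscalls so a failure can be simulated (example
 * design, not an X.Org interface). */
struct priv_ops {
    int (*setuid_fn)(uid_t);
    int (*seteuid_fn)(uid_t);
    int (*getresuid_fn)(uid_t *, uid_t *, uid_t *);
};

/* Real libc wrappers around the kernel calls. */
const struct priv_ops real_ops = { setuid, seteuid, getresuid };

/* Vulnerable pattern (the shape fixed for CVE-2006-4447): return values are
 * discarded, so a failed setuid() leaves the process privileged while the
 * caller believes privileges are gone. Always reports success. */
int drop_privs_unchecked(const struct priv_ops *ops, uid_t target)
{
    ops->setuid_fn(target);
    ops->seteuid_fn(target);
    return 0;
}

/* Hardened pattern: fail closed on any error, then confirm via getresuid()
 * that real, effective and saved uids all equal the target, so the old uid
 * cannot be regained with a later seteuid(). Returns 0 on success, -1 on
 * failure. */
int drop_privs_checked(const struct priv_ops *ops, uid_t target)
{
    uid_t r, e, s;

    if (ops->setuid_fn(target) != 0) {
        fprintf(stderr, "setuid(%u): %s\n", (unsigned)target, strerror(errno));
        return -1;
    }
    if (ops->seteuid_fn(target) != 0) {
        fprintf(stderr, "seteuid(%u): %s\n", (unsigned)target, strerror(errno));
        return -1;
    }
    if (ops->getresuid_fn(&r, &e, &s) != 0)
        return -1;
    if (r != target || e != target || s != target) {
        fprintf(stderr, "uid verification failed: r=%u e=%u s=%u\n",
                (unsigned)r, (unsigned)e, (unsigned)s);
        return -1;
    }
    return 0;
}

/* 1 if any of the three uids is still 0, i.e. root can still be regained. */
int still_root_capable(const struct priv_ops *ops)
{
    uid_t r, e, s;
    if (ops->getresuid_fn(&r, &e, &s) != 0)
        return 1;
    return r == 0 || e == 0 || s == 0;
}

/* Simulated kernel (constructed for the example): a root process whose
 * setuid() fails with EAGAIN, which is what an exceeded RLIMIT_NPROC produced
 * on Linux kernels before 3.1. seteuid() still "works" but changes only the
 * effective uid, as it would for a process whose saved uid is 0. */
static uid_t sim_r = 0, sim_e = 0, sim_s = 0;
static int sim_setuid(uid_t u) { (void)u; errno = EAGAIN; return -1; }
static int sim_seteuid(uid_t u) { sim_e = u; return 0; }
static int sim_getresuid(uid_t *r, uid_t *e, uid_t *s)
{
    *r = sim_r; *e = sim_e; *s = sim_s;
    return 0;
}
const struct priv_ops sim_nproc_exceeded_ops = { sim_setuid, sim_seteuid, sim_getresuid };

int main(void)
{
    uid_t me = getuid();
    printf("checked drop to uid %u on the real kernel: %s\n", (unsigned)me,
           drop_privs_checked(&real_ops, me) == 0 ? "ok" : "FAILED");
    printf("unchecked drop under simulated EAGAIN: returns %d, still root-capable: %d\n",
           drop_privs_unchecked(&sim_nproc_exceeded_ops, 1000),
           still_root_capable(&sim_nproc_exceeded_ops));
    sim_e = 0;
    printf("checked drop under simulated EAGAIN: returns %d\n",
           drop_privs_checked(&sim_nproc_exceeded_ops, 1000));
    return 0;
}
```

Two caveats for anyone applying the checked pattern. On Linux kernels before 3.1, setuid() to a uid whose process count already exceeds RLIMIT_NPROC fails with EAGAIN, which is the "exceeding a ulimit" trigger in the description; from 3.1 onward the kernel lets setuid() succeed and defers the EAGAIN to the next execve(), so the return value of execve() must be checked as well. And seteuid() on its own only changes the effective uid and leaves the saved uid behind, which is why the verification reads all three ids back rather than trusting the return codes alone.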
Exploit prediction scoring system (EPSS) score for CVE-2006-4447
Probability of exploitation activity in the next 30 days: 0.06%
Percentile (proportion of vulnerabilities scored at or below this): ~24%
CVSS scores for CVE-2006-4447
Base Score | Base Severity | CVSS v2 Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
Vendor statements for CVE-2006-4447
- Red Hat (2006-09-12): Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue is not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555
References for CVE-2006-4447
- http://www.securityfocus.com/bid/19742
- http://security.gentoo.org/glsa/glsa-200608-25.xml (Patch; Vendor Advisory)
- http://lists.freedesktop.org/archives/xorg/2006-June/016146.html (Patch)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
- http://security.gentoo.org/glsa/glsa-200704-22.xml (BEAST: Denial of service, GLSA 200704-22)
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html (ANNOUNCE: BEAST/BSE v0.7.1)
- http://www.kb.cert.org/vuls/id/300368 (US Government Resource)
- http://www.vupen.com/english/advisories/2007/0409
- http://www.vupen.com/english/advisories/2006/3409
- http://www.debian.org/security/2006/dsa-1193
- http://www.securityfocus.com/bid/23697
Affected products (CPE) for CVE-2006-4447
- cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*