CVE-2006-4447 — Xf86dga vulnerability

6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 60.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Libx11 X.org XDM X.org Xorg-server +7 more

Timeline

PublishedAug 30

Latest updateMay 1

Description

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages12 packages

▶Debianx.org/libx11< 2:1.0.0-7+3

▶NVDx.org/xinit1.0.2_r5

▶NVDx.org/xload1.0.0

▶NVDx.org/xterm214

▶NVDx.org/xf86dga1.0.0

Patches

Patch: lists.freedesktop.org ↗Patch: secunia.com ↗Patch: security.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-3cp9-g7w3-6jqq: X↗2022-05-01

▶

OSV

CVE-2006-4447: X↗2006-08-30

▶

CVEList

CVE-2006-4447: X↗2006-08-30

▶

📋Vendor Advisories

Debian

CVE-2006-4447: libx11 - X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xte...↗2006

▶

Red Hat

CVE-2006-4447: X↗

▶