1. Home
  2. CVE Database
  3. CVE-2006-0745
HIGH · 7.2

CVE-2006-0745

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users ...

Vulnerability Description

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
X.OrgX11R66.9
X.OrgX11R71.0
MandrakesoftMandrake Linux2006
RedhatFedora Corecore_5.0
SunSolaris10.0
SuseSuse Linux10.0

References

FAQ

What is CVE-2006-0745?

CVE-2006-0745 is a vulnerability with a CVSS score of 7.2 (HIGH). X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users ...

How severe is CVE-2006-0745?

CVE-2006-0745 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-0745?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org X11R6, X.Org X11R7, Mandrakesoft Mandrake Linux, Redhat Fedora Core, Sun Solaris.