CVE-2006-2916

Vulnerability Description

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://dot.kde.org/1150310128/Not Applicable
• http://mail.gnome.org/archives/beast/2006-December/msg00025.htmlMailing List
• http://secunia.com/advisories/20677Broken LinkVendor Advisory
• http://secunia.com/advisories/20786Broken LinkVendor Advisory
• http://secunia.com/advisories/20827Broken LinkVendor Advisory
• http://secunia.com/advisories/20868Broken LinkVendor Advisory
• http://secunia.com/advisories/20899Broken LinkVendor Advisory
• http://secunia.com/advisories/25032Broken Link
• http://secunia.com/advisories/25059Broken Link
• http://security.gentoo.org/glsa/glsa-200704-22.xmlThird Party Advisory
• http://securitytracker.com/id?1016298Broken LinkThird Party AdvisoryVDB Entry
• http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackwareMailing ListThird Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200606-22.xmlThird Party Advisory
• http://www.kde.org/info/security/advisory-20060614-2.txtPatchVendor Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:107Third Party Advisory