HIGH · 7.2

CVE-2006-4447

Vulnerability Description

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
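
The flaw described above, shown as an added example that is not code from X.Org, XFree86 or this advisory: an unchecked privilege drop beside a checked one. The names `drop_unchecked`, `drop_checked` and `failing_setuid` are hypothetical, and the stub's `EAGAIN` failure is a constructed stand-in for a setuid call that fails under a resource limit.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as setuid(2), so a failing stand-in can be injected. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stub: simulates setuid() failing the way the advisory
 * describes (for example, a resource limit being exceeded). */
static int failing_setuid(uid_t uid) {
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Pattern the CVE describes: the return value is ignored, so the caller
 * is told the drop succeeded even when the process still runs with its
 * original (possibly root) identity. */
static int drop_unchecked(uid_t target, setuid_fn do_setuid) {
    do_setuid(target);
    return 0;
}

/* Hardened pattern: fail closed if the call fails, then confirm that
 * both the real and effective UID actually match the target. */
static int drop_checked(uid_t target, setuid_fn do_setuid) {
    if (do_setuid(target) != 0)
        return -1;
    if (getuid() != target || geteuid() != target)
        return -1;
    return 0;
}

int main(void) {
    uid_t me = getuid();   /* dropping to our own UID works unprivileged */

    printf("unchecked, setuid fails: %d\n", drop_unchecked(me, failing_setuid));
    if (drop_checked(me, failing_setuid) != 0)
        printf("checked, setuid fails: refused (%s)\n", strerror(errno));
    if (drop_checked(me, setuid) != 0) {
        perror("setuid");
        return 1;          /* a real program must exit here, not continue */
    }
    puts("checked, real setuid: privileges confirmed dropped");
    return 0;
}
```

A caller of the checked variant should terminate on a non-zero return instead of continuing with whatever identity it still holds.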

CVSS Score

7.2 (HIGH)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor   Product                  Versions
X.Org    Emu-Linux-X87-Xlibs      7.0_r1
X.Org    X11R6                    6.7.0
X.Org    X11R7                    1.0
X.Org    Xdm                      1.0.3
X.Org    Xf86Dga                  1.0.0
X.Org    Xinit                    1.0.2_r5
X.Org    Xload                    1.0.0
X.Org    Xorg-Server              1.02_r5
X.Org    Xterm                    214

References

FAQ

What is CVE-2006-4447?

CVE-2006-4447 is a vulnerability with a CVSS score of 7.2 (HIGH). X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

How severe is CVE-2006-4447?

CVE-2006-4447 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2006-4447?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org Emu-Linux-X87-Xlibs, X.Org X11R6, X.Org X11R7, X.Org Xdm, X.Org Xf86Dga.