1. Home
  2. CVE Database
  3. CVE-2006-6730
MEDIUM · 6.6

CVE-2006-6730

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System ...

Vulnerability Description

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.

CVSS Score

6.6

MEDIUM

AV:L/AC:M/Au:S/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
NetbsdNetbsd2.0.4
OpenbsdOpenbsdAll versions

References

FAQ

What is CVE-2006-6730?

CVE-2006-6730 is a vulnerability with a CVSS score of 6.6 (MEDIUM). OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System ...

How severe is CVE-2006-6730?

CVE-2006-6730 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6730?

Check the references section above for vendor advisories and patch information. Affected products include: Netbsd Netbsd, Openbsd Openbsd.