CVE-2006-2916
CVSS 7.8 · HIGH
Summary
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Kde arts
- Linux linux kernel
References
- http://dot.kde.org/1150310128/
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
- http://secunia.com/advisories/20677
- http://secunia.com/advisories/20786
- http://secunia.com/advisories/20827
- http://secunia.com/advisories/20868
- http://secunia.com/advisories/20899
- http://secunia.com/advisories/25032
- http://secunia.com/advisories/25059
- http://security.gentoo.org/glsa/glsa-200704-22.xml
- http://securitytracker.com/id?1016298
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
- http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
- http://www.kde.org/info/security/advisory-20060614-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.