CVE DATABASE / CVE-2006-4447
CVE-2006-4447
CVSS 7.2 · HIGH
Summary
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
CVSS 2.0 breakdown
| Base score | 7.2 (HIGH) |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Affected products
X.org emu-linux-x87-xlibsX.org x11r6X.org x11r7X.org xdmX.org xf86dgaX.org xinitX.org xloadX.org xorg-serverX.org xterm
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
- http://secunia.com/advisories/21650
- http://secunia.com/advisories/21660
- http://secunia.com/advisories/21693
- http://secunia.com/advisories/22332
- http://secunia.com/advisories/25032
- http://secunia.com/advisories/25059
- http://security.gentoo.org/glsa/glsa-200608-25.xml
- http://security.gentoo.org/glsa/glsa-200704-22.xml
- http://www.debian.org/security/2006/dsa-1193
- http://www.kb.cert.org/vuls/id/300368
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
- http://www.securityfocus.com/bid/19742
- http://www.securityfocus.com/bid/23697
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.