Multiple X.Org Products SetUID Local Privilege Escalation Vulnerability

Bugtraq ID: 19742
Class: Design Error
CVE: CVE-2006-4447
Remote: No
Local: Yes
Published: Jun 30 2006 12:00AM
Updated: Jan 30 2007 10:58PM
Credit: Matthieu Herrb has been credited with the discovery of this vulnerability.
Vulnerable: X.org xterm 214
X.org xorg-server 1.02-r5
X.org xload 1.0.0
X.org xinit 1.0.2-r5
X.org xf86dga 1.0.0
X.org xdm 1.0.3
X.org X11R7 1.0.2
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
X.org X11R7 1.0.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
X.org X11R7 1.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
X.org X11R6 6.8.2
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
X.org X11R6 6.8.1
X.org X11R6 6.8
X.org X11R6 6.7.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ SCO Unixware 7.1.4
+ SCO Unixware 7.1.3 up
+ SCO Unixware 7.1.3
+ SCO Unixware 7.1.1
X.org X.org 6.9
X.org emu-linux-x87-xlibs 7.0-r1
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Operating System Enterprise Server 2.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Not Vulnerable: X.org xtrans 1.0.0-r1
X.org xterm 215
X.org xorg-server 1.0.2-r6
X.org xload 1.0.1-r1
X.org xinit 1.0.2-r6
X.org xf86dga 1.0.1-r1
X.org xdm 1.0.4-R1
X.org X11R6 6.9
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
X.org libx11 1.0.1-r1
X.org emu-linux-x86-xlibs 7.0-r2
BEAST/BSE BEAST/BSE 0.7.1


 

Copyright 2010, SecurityFocus