Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-0745

Disclosure Date: March 21, 2006
CVE-2006-0745
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • mandrakesoft,
  • redhat,
  • sun,
  • suse,
  • x.org

Products

  • fedora core core 5.0,
  • mandrake linux 2006,
  • solaris 10.0,
  • suse linux 10.0,
  • x11r6 6.9,
  • x11r7 1.0,
  • x11r7 1.0.1

References

Canonical
CVE-2006-0745 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745)
BID-17169 (http://www.securityfocus.com/bid/17169)
Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:056
20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (http://www.securityfocus.com/archive/1/428230/100/0/threaded)
XF-xorg-geteuid-privilege-escalation(25341) (https://exchange.xforce.ibmcloud.com/vulnerabilities/25341)
FEDORA-2006-172 (http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html)
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (http://www.securityfocus.com/archive/1/428183/100/0/threaded)
SECTRACK-1015793 (http://securitytracker.com/id?1015793)
SECUNIA-19256 (http://secunia.com/advisories/19256)
SUNALERT-102252 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1)
OSVDB-24000 (http://www.osvdb.org/24000)
SECUNIA-19676 (http://secunia.com/advisories/19676)
SECUNIA-19316 (http://secunia.com/advisories/19316)
OSVDB-24001 (http://www.osvdb.org/24001)
ADV-2006-1017 (http://www.vupen.com/english/advisories/2006/1017)
SREASON-606 (http://securityreason.com/securityalert/606)
http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html
ADV-2006-1028 (http://www.vupen.com/english/advisories/2006/1028)
SECUNIA-19307 (http://secunia.com/advisories/19307)
SECUNIA-19311 (http://secunia.com/advisories/19311)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis