Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2006-0745 | First vendor Publication | 2006-03-20 |
Vendor | Cve | Last vendor Modification | 2018-10-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0745 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1697 | |||
Oval ID: | oval:org.mitre.oval:def:1697 | ||
Title: | X.Org Privilege Escalation Vulnerability in X11R6.9, X11R7.0 | ||
Description: | X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0745 | Version: | 3 |
Platform(s): | Sun Solaris 10 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Os | 2 | |
Os | 1 | |
Os | 1 | |
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Ports: xorg-server File : nvt/freebsd_xorg-server.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24001 | X.Org / X11 -logfile Parameter Arbitrary File Overwrite: Freedesktop.org Xorg server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Xorg server does not properly verify the user ID of the user, allowing non-root users access to the -logfile parameter. This then allows them to overwrite arbitrary files on the system and may lead to a loss of Integrity. |
24000 | X.Org / X11 -modulepath Parameter Privileged Code Execution: Freedesktop.org Xorg server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the Xorg server does not properly verify the user ID of the user, allowing non-root users access to the -modulepath parameter and allowing them to execute arbitrary code on the system. This flaw may lead to a loss of Integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_61534682b8f411da8e62000e0c33c2dc.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_016.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-172.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-056.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:03:43 | |
2021-04-22 01:04:15 | |
2020-05-23 00:17:25 | |
2018-10-19 21:19:46 | |
2017-10-11 09:23:38 | |
2017-07-20 09:23:22 | |
2016-06-28 15:37:21 | |
2016-04-26 14:18:49 | |
2014-02-17 10:34:42 | |
2013-05-11 10:49:27 | |