cvelistv5 - cve-2006-0745

CVE-2006-0745 (GCVE-0-2006-0745)

Vulnerability from cvelistv5 – Published: 2006-03-21 02:00 – Updated: 2024-08-07 16:48

Summary

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/archive/1/428230/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.redhat.com/archives/fedora-announce-li…	vendor-advisoryx_refsource_FEDORA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/428183/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1015793	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/19256	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.osvdb.org/24000	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/19676	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/19316	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/24001	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2006/1017	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/606	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/17169	vdb-entryx_refsource_BID
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.vupen.com/english/advisories/2006/1028	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/19307	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/19311	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:55.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
          },
          {
            "name": "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
          },
          {
            "name": "xorg-geteuid-privilege-escalation(25341)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
          },
          {
            "name": "FEDORA-2006-172",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
          },
          {
            "name": "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
          },
          {
            "name": "1015793",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015793"
          },
          {
            "name": "19256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19256"
          },
          {
            "name": "102252",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
          },
          {
            "name": "24000",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24000"
          },
          {
            "name": "19676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19676"
          },
          {
            "name": "19316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19316"
          },
          {
            "name": "24001",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24001"
          },
          {
            "name": "ADV-2006-1017",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1017"
          },
          {
            "name": "606",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/606"
          },
          {
            "name": "17169",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17169"
          },
          {
            "name": "SUSE-SA:2006:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
          },
          {
            "name": "ADV-2006-1028",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1028"
          },
          {
            "name": "19307",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19307"
          },
          {
            "name": "19311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19311"
          },
          {
            "name": "oval:org.mitre.oval:def:1697",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDKSA-2006:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
        },
        {
          "name": "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
        },
        {
          "name": "xorg-geteuid-privilege-escalation(25341)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
        },
        {
          "name": "FEDORA-2006-172",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
        },
        {
          "name": "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
        },
        {
          "name": "1015793",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015793"
        },
        {
          "name": "19256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19256"
        },
        {
          "name": "102252",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
        },
        {
          "name": "24000",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24000"
        },
        {
          "name": "19676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19676"
        },
        {
          "name": "19316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19316"
        },
        {
          "name": "24001",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24001"
        },
        {
          "name": "ADV-2006-1017",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1017"
        },
        {
          "name": "606",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/606"
        },
        {
          "name": "17169",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17169"
        },
        {
          "name": "SUSE-SA:2006:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
        },
        {
          "name": "ADV-2006-1028",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1028"
        },
        {
          "name": "19307",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19307"
        },
        {
          "name": "19311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19311"
        },
        {
          "name": "oval:org.mitre.oval:def:1697",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-0745",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2006:056",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
            },
            {
              "name": "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
            },
            {
              "name": "xorg-geteuid-privilege-escalation(25341)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
            },
            {
              "name": "FEDORA-2006-172",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
            },
            {
              "name": "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
            },
            {
              "name": "1015793",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015793"
            },
            {
              "name": "19256",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19256"
            },
            {
              "name": "102252",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
            },
            {
              "name": "24000",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24000"
            },
            {
              "name": "19676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19676"
            },
            {
              "name": "19316",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19316"
            },
            {
              "name": "24001",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24001"
            },
            {
              "name": "ADV-2006-1017",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1017"
            },
            {
              "name": "606",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/606"
            },
            {
              "name": "17169",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17169"
            },
            {
              "name": "SUSE-SA:2006:016",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
            },
            {
              "name": "ADV-2006-1028",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1028"
            },
            {
              "name": "19307",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19307"
            },
            {
              "name": "19311",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19311"
            },
            {
              "name": "oval:org.mitre.oval:def:1697",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-0745",
    "datePublished": "2006-03-21T02:00:00",
    "dateReserved": "2006-02-17T00:00:00",
    "dateUpdated": "2024-08-07T16:48:55.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F9809AF-75A2-4E08-9E41-EE9DB960E789\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D02D3FA8-EDCD-4A3C-81CF-FC09633270DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3D35005-EEB1-4FA1-95B5-EFF2ABC31AD3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"597094EC-D23F-4EC4-A140-96F287679124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*\", \"matchCriteriaId\": \"07EC6C5A-33C9-456A-A8C9-0DF67C76041E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA3B94B6-A5E4-4432-802E-BFAD7F3B5B4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*\", \"matchCriteriaId\": \"0C0C3793-E011-4915-8F86-CE622A2D37D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*\", \"matchCriteriaId\": \"16915004-1006-41D6-9E42-D1A5041E442D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.\"}]",
      "id": "CVE-2006-0745",
      "lastModified": "2024-11-21T00:07:14.433",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-03-21T02:06:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19256\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19307\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19311\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19316\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19676\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securityreason.com/securityalert/606\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1015793\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:056\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.osvdb.org/24000\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.osvdb.org/24001\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/428183/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/428230/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/17169\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1017\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1028\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25341\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/19256\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19307\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/606\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015793\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:056\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/24000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/24001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/428183/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/428230/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1028\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25341\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0745\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-03-21T02:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F9809AF-75A2-4E08-9E41-EE9DB960E789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D02D3FA8-EDCD-4A3C-81CF-FC09633270DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D35005-EEB1-4FA1-95B5-EFF2ABC31AD3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"597094EC-D23F-4EC4-A140-96F287679124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"07EC6C5A-33C9-456A-A8C9-0DF67C76041E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA3B94B6-A5E4-4432-802E-BFAD7F3B5B4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*\",\"matchCriteriaId\":\"0C0C3793-E011-4915-8F86-CE622A2D37D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*\",\"matchCriteriaId\":\"16915004-1006-41D6-9E42-D1A5041E442D\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19256\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19307\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19311\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19316\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/606\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1015793\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:056\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/24000\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/24001\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/428183/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/428230/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/17169\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1017\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1028\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25341\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/19256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/24000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/24001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/428183/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/428230/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2006-0745

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-0745

Aliases

CVE-2006-0745

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0745",
    "description": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.",
    "id": "GSD-2006-0745",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-0745.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0745"
      ],
      "details": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.",
      "id": "GSD-2006-0745",
      "modified": "2023-12-13T01:19:50.648905Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-0745",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MDKSA-2006:056",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
          },
          {
            "name": "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
          },
          {
            "name": "xorg-geteuid-privilege-escalation(25341)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
          },
          {
            "name": "FEDORA-2006-172",
            "refsource": "FEDORA",
            "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
          },
          {
            "name": "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
          },
          {
            "name": "1015793",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015793"
          },
          {
            "name": "19256",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19256"
          },
          {
            "name": "102252",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
          },
          {
            "name": "24000",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/24000"
          },
          {
            "name": "19676",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19676"
          },
          {
            "name": "19316",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19316"
          },
          {
            "name": "24001",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/24001"
          },
          {
            "name": "ADV-2006-1017",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1017"
          },
          {
            "name": "606",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/606"
          },
          {
            "name": "17169",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17169"
          },
          {
            "name": "SUSE-SA:2006:016",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
          },
          {
            "name": "ADV-2006-1028",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1028"
          },
          {
            "name": "19307",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19307"
          },
          {
            "name": "19311",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19311"
          },
          {
            "name": "oval:org.mitre.oval:def:1697",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-0745"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17169",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/17169"
            },
            {
              "name": "19311",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19311"
            },
            {
              "name": "SUSE-SA:2006:016",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
            },
            {
              "name": "FEDORA-2006-172",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
            },
            {
              "name": "102252",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
            },
            {
              "name": "24000",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/24000"
            },
            {
              "name": "24001",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/24001"
            },
            {
              "name": "1015793",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015793"
            },
            {
              "name": "19256",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19256"
            },
            {
              "name": "19307",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19307"
            },
            {
              "name": "19316",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19316"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
            },
            {
              "name": "19676",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19676"
            },
            {
              "name": "MDKSA-2006:056",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
            },
            {
              "name": "606",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/606"
            },
            {
              "name": "ADV-2006-1028",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1028"
            },
            {
              "name": "ADV-2006-1017",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1017"
            },
            {
              "name": "xorg-geteuid-privilege-escalation(25341)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
            },
            {
              "name": "oval:org.mitre.oval:def:1697",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
            },
            {
              "name": "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
            },
            {
              "name": "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:46Z",
      "publishedDate": "2006-03-21T02:06Z"
    }
  }
}

CERTA-2006-AVI-120

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans la vérification des privilèges des serveurs graphiques X.Org 1.0.0, X11R6.9 et X11R7.0 permet à un utilisateur malveillant d'exécuter du code arbitraire et d'obtenir les privilèges de l'administrateur.

Description

Une erreur dans la vérification des privilèges de l'utilisateur effectuée par la fonction getuid des serveurs graphiques X.Org 1.0.0, X11R6.9 et X11R7.0 permet à un utilisateur malveillant ayant accès à la machine d'introduire des arguments arbitraires avec les options -logfile ou -modulepath. En d'autres termes, cette vulnérabilité peut être utilisée pour écraser des fichiers existants ou exécuter du code arbitraire avec les privilèges de l'administrateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions X.Org server 1.0.0, X11R6.9 et X11R7.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité de l'éditeur	None	vendor-advisory
Bulletin de sécurité Sun Solaris #102252 du 21 mars 2006 :	-	other
Bulletin de sécurité Mandriva MDKSA-2006:056 du 21 mars 2006 :	-	other
Bulletin de sécurité SUSE SUSE-SA:2006:016 du 21 mars 2006 :	-	other
Site officiel du projet X.Org :	-	other
Bulletin de sécurité FreeBSD pour xorg-server du 21 mars 2006 :	-	other
Mise à jour de sécurité Fedora Core 5 du 21 mars 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions X.Org server 1.0.0, X11R6.9 et X11R7.0.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur dans la v\u00e9rification des privil\u00e8ges de l\u0027utilisateur\neffectu\u00e9e par la fonction getuid des serveurs graphiques X.Org 1.0.0,\nX11R6.9 et X11R7.0 permet \u00e0 un utilisateur malveillant ayant acc\u00e8s \u00e0 la\nmachine d\u0027introduire des arguments arbitraires avec les options -logfile\nou -modulepath. En d\u0027autres termes, cette vuln\u00e9rabilit\u00e9 peut \u00eatre\nutilis\u00e9e pour \u00e9craser des fichiers existants ou ex\u00e9cuter du code\narbitraire avec les privil\u00e8ges de l\u0027administrateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0745"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #102252 du 21 mars 2006 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:056 du 21 mars    2006 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2006:016 du 21 mars 2006    :",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
    },
    {
      "title": "Site officiel du projet X.Org :",
      "url": "http://xorg.freedesktop.org/releases/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour xorg-server du 21 mars    2006 :",
      "url": "http://www.vuxml.org/freebsd/pkg-xorg-server.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 5 du 21 mars 2006 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/"
    }
  ],
  "reference": "CERTA-2006-AVI-120",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-03-21T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SUSE et FreeBSD.",
      "revision_date": "2006-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la v\u00e9rification des privil\u00e8ges des serveurs\ngraphiques X.Org 1.0.0, X11R6.9 et X11R7.0 permet \u00e0 un utilisateur\nmalveillant d\u0027ex\u00e9cuter du code arbitraire et d\u0027obtenir les privil\u00e8ges de\nl\u0027administrateur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du serveur X.Org-X11",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur",
      "url": null
    }
  ]
}

CERTA-2006-AVI-120

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions X.Org server 1.0.0, X11R6.9 et X11R7.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité de l'éditeur	None	vendor-advisory
Bulletin de sécurité Sun Solaris #102252 du 21 mars 2006 :	-	other
Bulletin de sécurité Mandriva MDKSA-2006:056 du 21 mars 2006 :	-	other
Bulletin de sécurité SUSE SUSE-SA:2006:016 du 21 mars 2006 :	-	other
Site officiel du projet X.Org :	-	other
Bulletin de sécurité FreeBSD pour xorg-server du 21 mars 2006 :	-	other
Mise à jour de sécurité Fedora Core 5 du 21 mars 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions X.Org server 1.0.0, X11R6.9 et X11R7.0.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur dans la v\u00e9rification des privil\u00e8ges de l\u0027utilisateur\neffectu\u00e9e par la fonction getuid des serveurs graphiques X.Org 1.0.0,\nX11R6.9 et X11R7.0 permet \u00e0 un utilisateur malveillant ayant acc\u00e8s \u00e0 la\nmachine d\u0027introduire des arguments arbitraires avec les options -logfile\nou -modulepath. En d\u0027autres termes, cette vuln\u00e9rabilit\u00e9 peut \u00eatre\nutilis\u00e9e pour \u00e9craser des fichiers existants ou ex\u00e9cuter du code\narbitraire avec les privil\u00e8ges de l\u0027administrateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0745"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #102252 du 21 mars 2006 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:056 du 21 mars    2006 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2006:016 du 21 mars 2006    :",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
    },
    {
      "title": "Site officiel du projet X.Org :",
      "url": "http://xorg.freedesktop.org/releases/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour xorg-server du 21 mars    2006 :",
      "url": "http://www.vuxml.org/freebsd/pkg-xorg-server.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 5 du 21 mars 2006 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/"
    }
  ],
  "reference": "CERTA-2006-AVI-120",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-03-21T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SUSE et FreeBSD.",
      "revision_date": "2006-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la v\u00e9rification des privil\u00e8ges des serveurs\ngraphiques X.Org 1.0.0, X11R6.9 et X11R7.0 permet \u00e0 un utilisateur\nmalveillant d\u0027ex\u00e9cuter du code arbitraire et d\u0027obtenir les privil\u00e8ges de\nl\u0027administrateur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du serveur X.Org-X11",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur",
      "url": null
    }
  ]
}

GHSA-QHRH-3JJ7-5JGG

Vulnerability from github – Published: 2022-05-01 06:42 – Updated: 2022-05-01 06:42

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0745"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-03-21T02:06:00Z",
    "severity": "HIGH"
  },
  "details": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.",
  "id": "GHSA-qhrh-3jj7-5jgg",
  "modified": "2022-05-01T06:42:28Z",
  "published": "2022-05-01T06:42:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0745"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19256"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19307"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19311"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19316"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19676"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/606"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015793"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/24000"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/24001"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17169"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1017"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1028"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-0745

Vulnerability from fkie_nvd - Published: 2006-03-21 02:06 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/19256
secalert@redhat.com	http://secunia.com/advisories/19307
secalert@redhat.com	http://secunia.com/advisories/19311
secalert@redhat.com	http://secunia.com/advisories/19316
secalert@redhat.com	http://secunia.com/advisories/19676
secalert@redhat.com	http://securityreason.com/securityalert/606
secalert@redhat.com	http://securitytracker.com/id?1015793
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:056
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html
secalert@redhat.com	http://www.osvdb.org/24000
secalert@redhat.com	http://www.osvdb.org/24001
secalert@redhat.com	http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/428183/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/428230/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/17169	Exploit, Patch
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/1017
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/1028
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/25341
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19256
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19307
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19311
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19316
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19676
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/606
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015793
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:056
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/24000
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/24001
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/428183/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/428230/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17169	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1017
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1028
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25341
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697

Impacted products

Vendor	Product	Version
x.org	x11r6	6.9
x.org	x11r7	1.0
x.org	x11r7	1.0.1
mandrakesoft	mandrake_linux	2006
mandrakesoft	mandrake_linux	2006
redhat	fedora_core	core_5.0
sun	solaris	10.0
suse	suse_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F9809AF-75A2-4E08-9E41-EE9DB960E789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02D3FA8-EDCD-4A3C-81CF-FC09633270DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D35005-EEB1-4FA1-95B5-EFF2ABC31AD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "597094EC-D23F-4EC4-A140-96F287679124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "07EC6C5A-33C9-456A-A8C9-0DF67C76041E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA3B94B6-A5E4-4432-802E-BFAD7F3B5B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "0C0C3793-E011-4915-8F86-CE622A2D37D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*",
              "matchCriteriaId": "16915004-1006-41D6-9E42-D1A5041E442D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile."
    }
  ],
  "id": "CVE-2006-0745",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-21T02:06:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19307"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19311"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/19676"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/606"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1015793"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/24000"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/24001"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/1017"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/1028"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/428183/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/17169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-0745 (GCVE-0-2006-0745)

GSD-2006-0745

CERTA-2006-AVI-120

Description

Solution

CERTA-2006-AVI-120

Description

Solution

GHSA-QHRH-3JJ7-5JGG

FKIE_CVE-2006-0745

Tags

Sightings

Nomenclature