FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-0745

This CVE name corresponds to:

Entered: 2006-03-21
Topic: xorg-server -- privilege escalation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-0745
Phase: Assigned (20060217)

Description

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

References

Source Reference
BUGTRAQ 20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
BUGTRAQ 20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
FEDORA FEDORA-2006-172
MANDRIVA MDKSA-2006:056
SUNALERT 102252
SUSE SUSE-SA:2006:016
BID 17169
VUPEN ADV-2006-1017
VUPEN ADV-2006-1028
OSVDB 24000
OSVDB 24001
OVAL oval:org.mitre.oval:def:1697
SECTRACK 1015793
SECUNIA 19311
SECUNIA 19256
SECUNIA 19307
SECUNIA 19316
SECUNIA 19676
SREASON 606
XF xorg-geteuid-privilege-escalation(25341)