CVE-2006-0745

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*

History

No history.

Information

Published : 2006-03-21 02:06

Updated : 2024-02-28 10:42


NVD link : CVE-2006-0745

Mitre link : CVE-2006-0745

CVE.ORG link : CVE-2006-0745


JSON object : View

Products Affected

suse

  • suse_linux

mandrakesoft

  • mandrake_linux

x.org

  • x11r6
  • x11r7

redhat

  • fedora_core

sun

  • solaris