RSS   Vulnerabilities for 'X11r7'   RSS

2006-08-29
 
CVE-2006-4447

 
 
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

 
2006-03-20
 
CVE-2006-0745

CWE-Other
 
 
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

 

 >>> Vendor: X.org 34 Products
X11
Xterm
X11r6
X.org
X11r7
Emu-linux-x87-xlibs
XDM
Xf86dga
Xinit
Xload
Xorg-server
Libx11
Libxfont
X window system
Xserver
X font server
Xinput
Tog-cup
EVI
Mit-shm
Libxinerama
Libxrender
Libxv
X.org-server
X.xorg-server
Xfree86
X.org x11
Libxfixes
Libxi
Libxrandr
Libxtst
Libxvmc
Libxdmcp
X server

Copyright 2024, cxsecurity.com

 

Back to Top