Home > Vulnerability Database > CVE-2006-2916

Mend.io Vulnerability Database

CVE-2006-2916

Date: June 15, 2006

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Severity Score

7.8

Related Resources (26)

Url: http://www.securityfocus.com/archive/1/437362/100/0/threaded

Url: http://security.gentoo.org/glsa/glsa-200704-22.xml

Url: http://secunia.com/advisories/20868

Url: http://mail.gnome.org/archives/beast/2006-December/msg00025.html

Url: http://secunia.com/advisories/20827

Url: http://www.osvdb.org/26506

Url: http://secunia.com/advisories/20786

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/27221

Url: http://secunia.com/advisories/25032

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-2916

Url: http://www.vupen.com/english/advisories/2007/0409

Url: http://www.vupen.com/english/advisories/2006/2357

Url: http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml

Url: http://secunia.com/advisories/25059

Url: http://www.securityfocus.com/bid/23697

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256

Url: http://dot.kde.org/1150310128/

Url: http://secunia.com/advisories/20677

Url: http://securitytracker.com/id?1016298

Url: http://secunia.com/advisories/20899

Url: http://www.kde.org/info/security/advisory-20060614-2.txt

Url: http://www.securityfocus.com/bid/18429

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-2916

Url: http://www.novell.com/linux/security/advisories/2006_38_security.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:107

Url: https://www.mend.io/vulnerability-database/CVE-2006-2916

Severity Score

7.8

Weakness Type (CWE)

Improper Check for Dropped Privileges

CWE-273

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.0
Access Vector (AV):	LOCAL
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-2916

Date: June 15, 2006

Severity Score

Related Resources (26)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?