CVE-2006-0745

X.Org server <1.0.0 - Privilege Escalation

Title source: llm

Description

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Exploits (1)

exploitdb WORKING POC VERIFIED
by H D Moore · text · local · linux
https://www.exploit-db.com/exploits/1596

References (21)


Scores

EPSS 0.0018
EPSS Percentile 39.0%

Classification

Status draft

Affected Products (8)

x.org/x11r6
x.org/x11r7
x.org/x11r7
mandrakesoft/mandrake_linux
mandrakesoft/mandrake_linux
redhat/fedora_core
sun/solaris
suse/suse_linux

Timeline

Published Mar 21, 2006
Tracked Since Feb 18, 2026