Launchpad.net

CVE 2006-2916

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Related bugs and status

CVE-2006-2916 (Candidate) is related to these bugs:

Bug #93531: security issue with beast wrappers

Summary				In	Importance	Status
	93531	security issue with beast wrappers		beast (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.kde.org/inf...
CONFIRM: http://dot.kde.org/115...
BID: 18429
SECTRACK: 1016298
SECUNIA: 20677
OSVDB: 26506
GENTOO: GLSA-200606-22
SECUNIA: 20827
SECUNIA: 20786
SECUNIA: 20868
SUSE: SUSE-SR:2006:015
SECUNIA: 20899
MLIST: [beast] 20061228 ANNOU...
GENTOO: GLSA-200704-22
BID: 23697
SECUNIA: 25032
SECUNIA: 25059
MANDRIVA: MDKSA-2006:107
VUPEN: ADV-2006-2357
VUPEN: ADV-2007-0409
SLACKWARE: SSA:2006-178-03
XF: arts-artwrapper-privil...
BUGTRAQ: 20060615 rPSA-2006-010...