The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2006-4447

X.Org: privilege elevation via setuid

Synthesis of the vulnerability

In some cases, programs of X.Org do not loose their root privileges.
Vulnerable software: Debian, Mandriva Linux, XOrg Bundle ~ not comprehensive, libX11.
Severity of this announce: 2/4.
Consequences of an intrusion: administrator access/rights.
Attacker's origin: user shell.
Creation date: 27/07/2006.
Références of this computer vulnerability: CERTA-2006-AVI-454, CVE-2006-4447, DSA-1193-1, MDKSA-2006:160, VIGILANCE-VUL-6043.

Description of the vulnerability

The X.Org environment provide several tools which can be suid root: X server, xdm, xterm.

They call the setuid() function to loose their privileges. However, this function can fail (as described in VIGILANCE-VUL-807, or limiting the number of processes a user is allowed to run). As the error code is not checked, program continues to execute with root privileges.

This vulnerability therefore permits a local attacker to obtain root rights.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computer vulnerability announce. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.