製品・ソフトウェアに関する情報

JVN脆弱性詳細

aRts の artswrapper における root 権限を取得される脆弱性

Title	aRts の artswrapper における root 権限を取得される脆弱性
Summary	aRts の artswrapper には、root 権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、 root 権限を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 15, 2006, midnight
Registration Date	Dec. 26, 2013, 3:44 p.m.
Last Update	Dec. 26, 2013, 3:44 p.m.

CVSS2.0 : 警告
Score	6
Vector	AV:L/AC:H/Au:S/C:C/I:C/A:C

Affected System

KDE project

aRts

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-2916	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
National Vulnerability Database (NVD)
2	CVE-2006-2916	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2916

ベンダー情報

No	Name	URL
関連リンク
1	1150310128	http://dot.kde.org/1150310128/
2	18429	http://www.securityfocus.com/bid/18429
3	advisory-20060614-2	http://www.kde.org/info/security/advisory-20060614-2.txt

Change Log

No	Changed Details	Date of change
0	[2013年12月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-2916

Summary	artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Publication Date	June 15, 2006, 7:02 p.m.
Registration Date	Jan. 29, 2021, 3:39 p.m.
Last Update	Jan. 21, 2024, 10:42 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:kde:arts:1.0:::::::*
cpe:2.3:a:kde:arts:1.2:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.kde.org/info/security/advisory-20060614-2.txt	CONFIRM	Patch Vendor Advisory
2	http://dot.kde.org/1150310128/	CONFIRM	Not Applicable
3	http://www.securityfocus.com/bid/18429	BID	Broken Link Patch Third Party Advisory VDB Entry
4	http://securitytracker.com/id?1016298	SECTRACK	Broken Link Third Party Advisory VDB Entry
5	http://secunia.com/advisories/20677	SECUNIA	Broken Link Vendor Advisory
6	http://www.osvdb.org/26506	OSVDB	Broken Link
7	http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml	GENTOO	Third Party Advisory
8	http://secunia.com/advisories/20827	SECUNIA	Broken Link Vendor Advisory
9	http://secunia.com/advisories/20786	SECUNIA	Broken Link Vendor Advisory
10	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256	SLACKWARE	Mailing List Third Party Advisory
11	http://secunia.com/advisories/20868	SECUNIA	Broken Link Vendor Advisory
12	http://www.novell.com/linux/security/advisories/2006_38_security.html	SUSE	Broken Link
13	http://secunia.com/advisories/20899	SECUNIA	Broken Link Vendor Advisory
14	http://mail.gnome.org/archives/beast/2006-December/msg00025.html	MLIST	Mailing List
15	http://security.gentoo.org/glsa/glsa-200704-22.xml	GENTOO	Third Party Advisory
16	http://www.securityfocus.com/bid/23697	BID	Broken Link Third Party Advisory VDB Entry
17	http://secunia.com/advisories/25032	SECUNIA	Broken Link
18	http://secunia.com/advisories/25059	SECUNIA	Broken Link
19	http://www.mandriva.com/security/advisories?name=MDKSA-2006:107	MANDRIVA	Third Party Advisory
20	http://www.vupen.com/english/advisories/2007/0409	VUPEN	Broken Link
21	http://www.vupen.com/english/advisories/2006/2357	VUPEN	Broken Link
22	https://exchange.xforce.ibmcloud.com/vulnerabilities/27221	XF	Third Party Advisory VDB Entry
23	http://www.securityfocus.com/archive/1/437362/100/0/threaded	BUGTRAQ	Broken Link Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-273	削除された特権に対する不適切なチェック	https://cwe.mitre.org/data/definitions/273.html