CVE-2006-4447

N/A Unknown

Published: August 30, 2006 Modified: April 16, 2026

Description

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

Source: cve@mitre.org

Patch

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

Source: cve@mitre.org

http://secunia.com/advisories/21650

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/21660

Source: cve@mitre.org

http://secunia.com/advisories/21693

Source: cve@mitre.org

http://secunia.com/advisories/22332

Source: cve@mitre.org

http://secunia.com/advisories/25032

Source: cve@mitre.org

http://secunia.com/advisories/25059

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200608-25.xml

Source: cve@mitre.org

Patch Vendor Advisory

http://security.gentoo.org/glsa/glsa-200704-22.xml

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1193

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/300368

Source: cve@mitre.org

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:160

Source: cve@mitre.org

http://www.securityfocus.com/bid/19742

Source: cve@mitre.org

http://www.securityfocus.com/bid/23697

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3409

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0409

Source: cve@mitre.org

http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://mail.gnome.org/archives/beast/2006-December/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21650

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/21660

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21693

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22332

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25032

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25059

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200608-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://security.gentoo.org/glsa/glsa-200704-22.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1193

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/300368

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:160

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19742

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23697

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/3409

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0409

Source: af854a3a-2127-422b-91ae-364da2661108

34 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.2%

39th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

x.org