VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 30, 2006· Updated Apr 16, 2026

CVE-2006-4447

CVE-2006-4447

Description

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

Affected products

14
  • Xorg/Emu Linux X87 Xlibs
    cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*
  • Xorg/X11r64 versions
    cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*
  • Xorg/X11r73 versions
    cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*
  • Xorg/Xdm
    cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*
  • Xorg/Xf86dga
    cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*
  • Xorg/Xinit
    cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*
  • Xorg/Xload
    cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*
  • Xorg/Xorg Server
    cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*
  • Xorg/Xterm
    cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

17

News mentions

0

No linked articles in our index yet.