X.Org Privilege Escalation Vulnerability in X11R6.9 X11R7.0

oval:org.mitre.oval:def:1697

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 10
Class:
vulnerability
Reference(s):
  • CVE-2006-0745
Product(s):