Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-4447

EPSS 0.18% · P39
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-4447

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
X.Org多个setuid调用返回检查本地权限提升漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
X.Org是X.Org基金会运作的一个对X Window系统的官方参考实现,是开源的自由软件。 X.Org在处理权限放弃操作时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 X.Org没有检查setuid()或类似的调用是否成功。如果由于"maximum processes"ulimit的限制导致调用失败的话,就会导致进程以root用户权限执行某些特权操作(文件访问)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-4447

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-4447

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-08-30 · 14 CVEs total

CVE-2006-4452Web3news '_class.security.php' PHPSECURITYADMIN_PATH变量远程文件包含漏洞
CVE-2006-4453PmWiki表格标记未明跨站脚本漏洞
CVE-2006-4454HLstats 'Hlstats.PHP'跨站脚本攻击漏洞
CVE-2006-4455Xchat 未明PRIVMSG命令拒绝服务攻击漏洞
CVE-2003-1305Microsoft Internet Explorer安全漏洞
CVE-2005-4809Mozilla Suite/Firefox/Thunderbird嵌套锚点标签状态栏欺骗漏洞
CVE-2005-4810Microsoft Internet Explorer 7.0 拒绝服务攻击漏洞
CVE-2006-4305SAP-DB/MaxDB HTTP请求远程缓冲区溢出漏洞
CVE-2006-4446Microsoft IE COM对象实例化daxctle.ocx堆破坏漏洞(MS06-067)
CVE-2006-4448Interact 多个PHP远程文件包含漏洞
CVE-2006-4449MyBB 'attachment.php' 跨站脚本攻击(XSS)漏洞
CVE-2006-4450phpBB可作为HTTP代理使用漏洞
CVE-2006-4451CJ Tag Board PHP远程代码注入漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-4447

No comments yet

Leave a comment