Bug 2259536 (CVE-2006-2916) - CVE-2006-2916 arts: does not check the return value of the setuid which prevents artsd from dropping privileges
Summary: CVE-2006-2916 arts: does not check the return value of the setuid which prev...
Keywords:
Status: NEW
Alias: CVE-2006-2916
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2259539 2259540
Blocks: 2259538
 
Reported: 2024-01-22 09:08 UTC by Rohit Keshri
Modified: 2024-01-25 09:01 UTC

Fixed In Version: arts-1.5.10
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in artswrapper in aRts. When installed setuid root, it does not check the return value of the setuid() call it uses to drop privileges. This flaw allows a local user to gain root privileges by causing that setuid() call to fail, so artsd is started without ever dropping privileges.
Clone Of:
Environment:
Last Closed:
Embargoed:
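
The pattern behind this CVE, as an added example (not code from aRts or from this bug report): a setuid-root wrapper calls setuid() to become the invoking user, ignores the result, and goes on to exec the real program. If setuid() fails, the process still has euid 0 and the program runs as root. The classic way to make setuid() fail is for the invoking user to be at their RLIMIT_NPROC, which makes the call return -1 with errno set to EAGAIN; the bug report does not say which trigger applied to artswrapper. All function names below are hypothetical, and the setuid_fn seam exists only so the failure path can be exercised without running as root; real wrapper code would call setuid() directly.

```c
/*
 * Added example, not code from aRts or from this bug report: the
 * privilege-drop pattern the Doc Text describes, first in the unchecked
 * form that mirrors the flaw, then in a fail-closed form. All function
 * names here are hypothetical. The setuid_fn seam exists only so the
 * failure path can be exercised without being root; real code would
 * call setuid() directly.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*setuid_fn)(uid_t);

/*
 * Unchecked pattern (the flaw). A setuid-root wrapper that does this and
 * then execs the real program keeps euid 0 whenever setuid() fails, so
 * the program runs as root. It always reports success.
 */
int drop_privileges_unchecked(uid_t target, setuid_fn do_setuid)
{
    do_setuid(target);          /* return value silently discarded */
    return 0;
}

/*
 * Hardened pattern: treat a failed setuid() as fatal for the caller and
 * re-read the uids afterwards instead of trusting the call.
 * Returns 0 when the process really is running as `target`, -1 otherwise.
 */
int drop_privileges_checked(uid_t target, setuid_fn do_setuid)
{
    if (do_setuid(target) != 0) {
        /* EAGAIN is the RLIMIT_NPROC case; EPERM means we lacked the right. */
        fprintf(stderr, "setuid(%lu) failed: %s\n",
                (unsigned long)target, strerror(errno));
        return -1;
    }
    /* Belt and braces: confirm both real and effective uid changed. */
    if (getuid() != target || geteuid() != target) {
        fprintf(stderr, "privilege drop to uid %lu did not take effect\n",
                (unsigned long)target);
        return -1;
    }
    return 0;
}

/*
 * Constructed stand-in for a setuid() that fails the way the kernel does
 * when the target user is already at RLIMIT_NPROC: -1 with errno = EAGAIN.
 */
int fake_setuid_nproc_exhausted(uid_t target)
{
    (void)target;
    errno = EAGAIN;
    return -1;
}

int main(void)
{
    uid_t me = getuid();

    /* With the simulated failure, only the checked version notices. */
    printf("unchecked, setuid() fails: rc=%d\n",
           drop_privileges_unchecked(me, fake_setuid_nproc_exhausted));
    printf("checked,   setuid() fails: rc=%d\n",
           drop_privileges_checked(me, fake_setuid_nproc_exhausted));

    /* With the real setuid() to our own uid, the checked drop succeeds. */
    printf("checked,   real setuid():  rc=%d\n",
           drop_privileges_checked(me, setuid));
    return 0;
}
```

The only safe reaction to a failed setuid() in a setuid-root wrapper is to stop: never fall through to exec. Note that the not-installed-setuid resolution in Comment 2 is the other mitigation for this class of bug; if the wrapper is not a root-owned mode 4755 binary, the unchecked call has no privileges to fail to drop.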



Comment 1 Rohit Keshri 2024-01-22 09:11:27 UTC
Created arts tracking bugs for this issue:

Affects: epel-all [bug 2259539]
Affects: fedora-all [bug 2259540]

Comment 2 Kevin Kofler 2024-01-22 22:06:37 UTC
https://nvd.nist.gov/vuln/detail/CVE-2006-2916

> Product is only vulnerable when running setuid root
[snip]
> OFFICIAL STATEMENT FROM RED HAT (08/16/2006)
> Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4.

I can echo that here:
aRts in Fedora and EPEL is not installed as suid root, hence not vulnerable. No patch is needed.

