CVE-2006-2916

Publication date 15 June 2006

Last updated 17 July 2025

Ubuntu priority

Cvss 3 Severity Score

Description

artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
arts	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
beast	9.10 karmic	Fixed 0.6.6-8
	9.04 jaunty	Fixed 0.6.6-8
	8.10 intrepid	Fixed 0.6.6-8
	8.04 LTS hardy	Fixed 0.6.6-8
	7.10 gutsy	Fixed 0.6.6-8
	7.04 feisty	Fixed 0.6.6-8
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2916