Bug#374003: CVE-2006-2916: artswrapper setuid() return value checking vulnerability

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#374003: CVE-2006-2916: artswrapper setuid() return value checking vulnerability
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 16 Jun 2006 20:29:29 +0200
Message-id: <[🔎] 20060616182929.14245.30504.reportbug@k.lan>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 374003@bugs.debian.org

Package: libarts1c2a
Version: 1.5.3-2
Severity: grave
Tags: security patch
Justification: user security hole

artswrapper is a helper application to start the aRts daemon 
with realtime privileges even for normal users. The wrapper
assumes that setuid() can not fail for SUID root applications.
This assertion is wrong under Linux kernel 2.6.0 or newer. 
Successful exploitation allows a normal user to launch artsd
as root, which could be exploited to gain system privileges.

See http://www.kde.org/info/security/advisory-20060614-2.txt
(includes patch)

Please mention the CVE-id in the changelog.

Reply to:

Follow-Ups:
- Bug#374003: CVE-2006-2916: artswrapper setuid() return value checking vulnerability
  - From: Pierre Habouzit <pierre.habouzit@m4x.org>

Prev by Date: Bug#372258: kwalletmanager does not appear in kde system tray
Next by Date: Bug#374002: kdm: [CVE-2006-2449] KDM symlink attack vulnerability
Previous by thread: Bug#373940: kdelibs4-dev: missing conflict resulting in FTBFS for kdeutils
Next by thread: Bug#374003: CVE-2006-2916: artswrapper setuid() return value checking vulnerability
Index(es):
- Date
- Thread