Info

Disclosure

Jun 14, 2006

Discovery

Unknown

Dates

Exploit

Jun 14, 2006

Solution

Unknown

Description

aRts artswrapper contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the artswrapper helper application does not properly process setuid() function call failures. This flaw may lead to a loss of Confidentiality.

Classification

Location: Local Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

KDE Project has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround: remove the suid bit from the artswrapper binary.

Products

KDE Project	aRts artswrapper	1.0
		2.0

References

Security Tracker: 1016298
Bugtraq ID: 18429
CVE ID: 2006-2916 (see also: NVD)
Secunia Advisory ID: 20677 20786 20868 20899 25032 25059
ISS X-Force ID: 27221
VUPEN Advisory: ADV-2006-2357
Vendor URL: http://beast.gtk.org/
Vendor Specific News/Changelog Entry: http://beast.gtk.org/news-file
Other Advisory URL: http://beast.gtk.org/news-file
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
http://www.gentoo.org/security/en/glsa/glsa-200704-22.xml
http://www.kde.org/info/security/advisory-20060614-2.txt
Other Solution URL: http://dot.kde.org/1150310128/
Vendor Specific Advisory URL: http://www.novell.com/linux/security/advisories/2006_38_security.html

Credit

KDE Project - KDE Project

Direct URL: http://osvdb.org/26506