CVE-2006-4447
CVE-2006-4447 is a high-severity vulnerability in X.org Emu-linux-x87-xlibs with a CVSS 2.0 base score of 7.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.2)
- EPSS exploit prediction: 0% (35th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: X.org Emu-linux-x87-xlibs
- Published:
- Last modified:
Description
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Frequently asked questions
- What is CVE-2006-4447?
- X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
- How severe is CVE-2006-4447?
- CVE-2006-4447 has a CVSS 2.0 base score of 7.2, rated high severity.
- Is CVE-2006-4447 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (35th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-4447?
- CVE-2006-4447 primarily affects X.org Emu-linux-x87-xlibs. In total, 14 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2006-4447?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2006-4447 published?
- CVE-2006-4447 was published on 2006-08-30 and last updated on 2026-06-16.
References
- http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
- http://secunia.com/advisories/21650
- http://secunia.com/advisories/21660
- http://secunia.com/advisories/21693
- http://secunia.com/advisories/22332
- http://secunia.com/advisories/25032
- http://secunia.com/advisories/25059
- http://security.gentoo.org/glsa/glsa-200608-25.xml
- http://security.gentoo.org/glsa/glsa-200704-22.xml
- http://www.debian.org/security/2006/dsa-1193
- http://www.kb.cert.org/vuls/id/300368
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
- http://www.securityfocus.com/bid/19742
- http://www.securityfocus.com/bid/23697
- http://www.vupen.com/english/advisories/2006/3409
- http://www.vupen.com/english/advisories/2007/0409
Affected products (14)
- cpe:2.3:a:x.org:emu-linux-x87-xlibs:7.0_r1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r6:6.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:x11r7:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xdm:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xf86dga:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xinit:1.0.2_r5:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xload:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:1.02_r5:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xterm:214:*:*:*:*:*:*:*