DEBIAN-CVE-2006-4447

DEBIAN-CVE-2006-4447 PUBLISHED

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

Affected Products

Vendor	Product	Versions
Debian:14	xdm	0, 0, 0
Debian:12	xtrans	0, 0, 0
Debian:14	xterm	399-1, 405-1, 407-1
Debian:13	xtrans	0, 0, 0
Debian:13	xorg-server	0, 0, 0
Debian:11	xorg-server	0, 0, 0
Debian:13	xterm	405-1, 404-1, 403-1
Debian:11	xdm	0, 0, 0
Debian:11	xtrans	0, 0, 0
Debian:12	xdm	0, 0, 0
Debian:12	libx11	0, 0, 0
Debian:12	xorg-server	0, 0, 0
Debian:13	xdm	0, 0, 0
Debian:14	xtrans	0, 0, 0
Debian:12	xterm	396-1, 0, 379-1
Debian:14	libx11	0, 0, 0
Debian:11	libx11	0, 0, 0
Debian:14	xorg-server	0, 0, 0
Debian:13	libx11	0, 0, 0
Debian:11	xterm	373-1, 373-2, 374-1

Timeline

Aug 30, 2006 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2006-4447 advisory

Open in Interactive Console →