blob: fea23a770832d8aa2d9f4ef729414a3e7ea8afc8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200606-22">
<title>aRts: Privilege escalation</title>
The artswrapper part of aRts allows local users to execute arbitrary code
with elevated privileges.
<product type="ebuild">aRts</product>
<announced>June 22, 2006</announced>
<revised>June 22, 2006: 01</revised>
<package name="kde-base/arts" auto="yes" arch="*">
<unaffected range="ge">3.5.2-r1</unaffected>
<unaffected range="rge">3.4.3-r1</unaffected>
<vulnerable range="lt">3.5.2-r1</vulnerable>
aRts is a real time modular system for synthesizing audio used by KDE.
artswrapper is a helper application used to start the aRts daemon.
artswrapper fails to properly check whether it can drop privileges
accordingly if setuid() fails due to a user exceeding assigned resource
<impact type="high">
Local attackers could exploit this vulnerability to execute arbitrary
code with elevated privileges. Note that the aRts package provided by
Gentoo is only vulnerable if the artswrappersuid USE-flag is enabled.
There is no known workaround at this time.
All aRts users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/arts</code>
<uri link="">CVE-2006-2916</uri>
<metadata tag="submitter" timestamp="Thu, 15 Jun 2006 13:39:42 +0000">
<metadata tag="bugReady" timestamp="Sat, 17 Jun 2006 13:17:47 +0000">