CVE-2006-0745

NameCVE-2006-0745
DescriptionX.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs360388, 378465

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)stretch2:1.19.2-1+deb9u5fixed
stretch (security)2:1.19.2-1+deb9u9fixed
buster, buster (security)2:1.20.4-1+deb10u4fixed
bullseye (security), bullseye2:1.20.11-1+deb11u1fixed
bookworm, sid2:21.1.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xfree86source(unstable)(not affected)
xorg-serversource(unstable)1:1.0.2-1medium378465
xorg-x11source(unstable)6.9.0.dfsg.1-5medium360388

Search for package or bug name: Reporting problems