| Name | CVE-2006-0745 |
| Description | X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 360388, 378465 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| xorg-server (PTS) | bullseye | 2:1.20.11-1+deb11u13 | fixed |
| bullseye (security) | 2:1.20.11-1+deb11u15 | fixed | |
| bookworm, bookworm (security) | 2:21.1.7-3+deb12u9 | fixed | |
| sid, trixie | 2:21.1.16-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xfree86 | source | (unstable) | (not affected) | |||
| xorg-server | source | (unstable) | 1:1.0.2-1 | medium | 378465 | |
| xorg-x11 | source | (unstable) | 6.9.0.dfsg.1-5 | medium | 360388 |