CVE-2006-0745

NameCVE-2006-0745
DescriptionX.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs360388, 378465

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)buster2:1.20.4-1+deb10u4fixed
buster (security)2:1.20.4-1+deb10u14fixed
bullseye2:1.20.11-1+deb11u11fixed
bullseye (security)2:1.20.11-1+deb11u13fixed
bookworm2:21.1.7-3+deb12u5fixed
bookworm (security)2:21.1.7-3+deb12u7fixed
sid, trixie2:21.1.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xfree86source(unstable)(not affected)
xorg-serversource(unstable)1:1.0.2-1medium378465
xorg-x11source(unstable)6.9.0.dfsg.1-5medium360388
Search for package or bug name: Reporting problems