CVE-2006-4447

Name	CVE-2006-4447
Description	X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1193-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libx11 (PTS)	buster	2:1.6.7-1+deb10u2	fixed
	buster (security)	2:1.6.7-1+deb10u4	fixed
	bullseye (security), bullseye	2:1.7.2-1+deb11u2	fixed
	bookworm, bookworm (security)	2:1.8.4-2+deb12u2	fixed
	sid, trixie	2:1.8.7-1	fixed
xdm (PTS)	sid, trixie, buster, bookworm, bullseye	1:1.1.11-3	fixed
xorg-server (PTS)	buster	2:1.20.4-1+deb10u4	fixed
	buster (security)	2:1.20.4-1+deb10u14	fixed
	bullseye	2:1.20.11-1+deb11u11	fixed
	bullseye (security)	2:1.20.11-1+deb11u13	fixed
	bookworm	2:21.1.7-3+deb12u5	fixed
	bookworm (security)	2:21.1.7-3+deb12u7	fixed
	sid, trixie	2:21.1.12-1	fixed
xterm (PTS)	buster	344-1+deb10u2	vulnerable
	bullseye	366-1+deb11u1	vulnerable
	bookworm	379-1	vulnerable
	sid, trixie	390-1	vulnerable
xtrans (PTS)	buster	1.3.5-1	fixed
	sid, trixie, bookworm, bullseye	1.4.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libx11	source	(unstable)	2:1.0.0-7	unimportant
xbase-clients	source	(unstable)	1:7.1.ds-2	unimportant
xdm	source	(unstable)	1:1.0.5-1	unimportant
xfree86	source	sarge	4.3.0.dfsg.1-14sarge2		DSA-1193-1
xorg-server	source	(unstable)	1:1.0.2-9	low
xterm	source	(unstable)	(unfixed)	unimportant
xtrans	source	(unstable)	1.0.0-6	unimportant