ISS X-Force Database: arts-artwrapper-privilege-escalation(27221): aRts artswrapper setuid privilege escalation

aRts artswrapper setuid privilege escalation

arts-artwrapper-privilege-escalation (27221)

High Risk

Description:

aRts running on Linux version 2.6.0 or later could allow a local attacker to gain elevated privileges on the system, caused by improper validation of the return value of the setuid function call in artswrapper. A local attacker could exploit this vulnerability to gain root privileges on the system by causing setuid to fail, which would result in artsd failing to drop privileges.

Platforms Affected:

Gentoo, Linux
MandrakeSoft, Mandrake Linux 2006 X86_64
MandrakeSoft, Mandrake Linux 2006
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 3.0
Stefan Westerfeld, aRts 1.0.x
Stefan Westerfeld, aRts 1.2.x

Remedy:

Apply the patch for this vulnerability, as listed in aRts Security Advisory 2006-06-14. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-06-22 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to GLSA 200704-22 for patch, upgrade, or suggested workaround information. See References.

Upgrade to the latest version of BEAST/BSE (0.7.1 or later), available from the BEAST-ANNOUNCE Mailing List. See References.

For other distributions: Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

aRts Security Advisory 2006-06-14, artswrapper setuid() return value checking vulnerability at http://www.kde.org/info/security/advisory-20060614-2.txt.
aRts Web site, aRts - analog realtime synthesizer at http://www.arts-project.org/.
BEAST-ANNOUNCE Mailing List, Thu, 28 Dec 2006 01:32:27 +0100 (CET), ANNOUNCE: BEAST/BSE v0.7.1 at http://mail.gnome.org/archives/beast/2006-December/msg00025.html.
BugTraq Mailing List, Thu Jun 15 2006 - 14:01:00 CDT , rPSA-2006-0105-1 arts at http://archives.neohapsis.com/archives/bugtraq/2006-06/0312.html.
BID-18429: KDE ArtsWrapper Local Privilege Escalation Vulnerability
BID-23697: Beast Resource Limit Local Denial Of Service Vulnerability
CVE-2006-2916: artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
GLSA-200606-22: aRts: Privilege escalation
GLSA-200704-22: BEAST: Denial of Service
MDKSA-2006:107: Updated arts packages fix vulnerability in artswrapper
OSVDB ID: 26506: aRts artswrapper Helper Application Local Privilege Escalation
SA20677: aRts "artswrapper" Helper Application setuid Security Issue
SA25032: BEAST/BSE "seteuid()" and "setreuid()" Security Issue
SECTRACK ID: 1016298: Artswrapper setuid() Failure Lets Local Users Gain Root Privileges
SUSE-SR:2006:015: SUSE Security Summary Report
VUPEN/ADV-2006-2357: KDE aRts artswrapper Helper Application Local Privilege Escalation Vulnerability
VUPEN/ADV-2007-0409: BEAST/BSE Security Update Fixes Multiple Local Privilege Escalation Vulnerabilities

Reported:

Jun 14, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page