|
Family: Slackware Local Security Checks --> Category: infos
SSA-2006-178-03 arts Vulnerability Scan
Vulnerability Scan Summary SSA-2006-178-03 arts
Detailed Explanation for this Vulnerability Test
New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current
to fix a possible security issue with artswrapper. The artswrapper program
and the artsd daemon can be used to gain root rights if artswrapper is
setuid root and the system is running a 2.6.x kernel. Note that artswrapper
is not setuid root on Slackware by default. Some people have recommended
setting it that way online though, so it's at least worth warning about.
It's far safer to just add users to the audio group.
The official KDE security advisory may be found here:
http://www.kde.org/info/security/advisory-20060614-2.txt
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
Click HERE for more information and discussions on this network vulnerability scan.
|