Detections
Analytics

Slackware 10.0 / 10.1 / 10.2 / current : arts (SSA:2006-178-03)

medium Nessus Plugin ID 21767

Synopsis

The remote Slackware host is missing a security update.

Description

New aRts packages are available for Slackware 10.0, 10.1, 10.2, and
-current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it's at least worth warning about. It's far safer to just add users to the audio group. The official KDE security advisory may be found here:
http://www.kde.org/info/security/advisory-20060614-2.txt

Solution

Update the affected arts package.

See Also

https://www.kde.org/info/security/advisory-20060614-2.txt

http://www.nessus.org/u?086b2a3e

Plugin Details

Severity: Medium

ID: 21767

File Name: Slackware_SSA_2006-178-03.nasl

Version: 1.16

Type: local

Published: 6/28/2006

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:arts, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:10.0, cpe:/o:slackware:slackware_linux:10.1, cpe:/o:slackware:slackware_linux:10.2

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 6/27/2006

Reference Information

CVE: CVE-2006-2916

SSA: 2006-178-03