CVE-2006-6730

Severity Score

6.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.

OpenBSD y NetBSD permiten al código en modo de usuario matar el servidor de pantalla y escribir en dispositivo X.Org /dev/xf86, lo cual permite a usuarios locales con privilegios de root reducir el nivel de seguridad reemplazando el manejador del Modo de Administración de Sistema (System Management Mode o SMM) mediante una escritura a una dirección SMRAM dentro de /dev/xf86 (esto es el rango de E/S mapeado en memoria para la tarjeta de vídeo), y entonces lanzando el nuevo manejador mediante una Interrupción de Administración de Sistema (System Management Interrupt o SMI), tal y como se ha demostrado con una escritura al puerto de E/S Programada 0xB2.

*Credits: N/A

CVSS Scores

NISTv2 6.6

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-12-26 CVE Reserved
2006-12-26 CVE Published
2024-05-20 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
http://lists.freedesktop.org/archives/xorg/2004-June/000927.html	Mailing List
http://www.cansecwest.com/slides06/csw06-duflot.ppt	X_refsource_misc
http://www.securityfocus.com/archive/1/454379/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/454510/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/454706/100/0/threaded	Mailing List
http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netbsd Search vendor "Netbsd"		Netbsd Search vendor "Netbsd" for product "Netbsd"				2.0.4 Search vendor "Netbsd" for product "Netbsd" and version "2.0.4"		-		Affected
Openbsd Search vendor "Openbsd"		Openbsd Search vendor "Openbsd" for product "Openbsd"				*		-		Affected