artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00145
Percentile: 0.35552

CVSS Scoring

Mapped CWE(s)

• CWE-273 : Improper Check for Dropped Privileges

Affected Products

• cpe:2.3:a:kde:arts:1.0:*:*:*:*:*:*:*
• cpe:2.3:a:kde:arts:1.2:*:*:*:*:*:*:*

← Back to Home