CVE-2006-6730 - Vulnerability Details - OpenCVE

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netbsd	Netbsd
Openbsd	Openbsd

Configuration 1 [-]

OR	cpe:2.3:o:netbsd:netbsd:2.0.4:::::::*
	cpe:2.3:o:openbsd:openbsd::::::::

No data.

References

Link	Providers
http://lists.freedesktop.org/archives/xorg/2004-June/000927.html
http://www.cansecwest.com/slides06/csw06-duflot.ppt
http://www.securityfocus.com/archive/1/454379/100/0/threaded
http://www.securityfocus.com/archive/1/454510/100/0/threaded
http://www.securityfocus.com/archive/1/454706/100/0/threaded
http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-26T23:00:00

Updated: 2024-08-07T20:34:00.547Z

Reserved: 2006-12-26T00:00:00

Link: CVE-2006-6730

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-26T23:28:00.000

Modified: 2024-11-21T00:23:30.530

Link: CVE-2006-6730

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061215 Re: The (in)security of Xorg and DRI", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454510/100/0/threaded"}, {"name": "[Xorg] 20040613 DRI merging", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freedesktop.org/archives/xorg/2004-June/000927.html"}, {"name": "20061218 Re: The (in)security of Xorg and DRI", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454706/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cansecwest.com/slides06/csw06-duflot.ppt"}, {"name": "20061214 The (in)security of Xorg and DRI", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454379/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061215 Re: The (in)security of Xorg and DRI", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454510/100/0/threaded"}, {"name": "[Xorg] 20040613 DRI merging", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/xorg/2004-June/000927.html"}, {"name": "20061218 Re: The (in)security of Xorg and DRI", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454706/100/0/threaded"}, {"name": "http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf", "refsource": "MISC", "url": "http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf"}, {"name": "http://www.cansecwest.com/slides06/csw06-duflot.ppt", "refsource": "MISC", "url": "http://www.cansecwest.com/slides06/csw06-duflot.ppt"}, {"name": "20061214 The (in)security of Xorg and DRI", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/454379/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:34:00.547Z"}, "title": "CVE Program Container", "references": [{"name": "20061215 Re: The (in)security of Xorg and DRI", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454510/100/0/threaded"}, {"name": "[Xorg] 20040613 DRI merging", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freedesktop.org/archives/xorg/2004-June/000927.html"}, {"name": "20061218 Re: The (in)security of Xorg and DRI", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454706/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cansecwest.com/slides06/csw06-duflot.ppt"}, {"name": "20061214 The (in)security of Xorg and DRI", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454379/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6730", "datePublished": "2006-12-26T23:00:00", "dateReserved": "2006-12-26T00:00:00", "dateUpdated": "2024-08-07T20:34:00.547Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36419DD6-0DB4-4BB6-A35F-D8FDB89402F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA3CDD3C-DBA6-4BA2-967D-AD746822F3CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2."}, {"lang": "es", "value": "OpenBSD y NetBSD permiten al c\u00f3digo en modo de usuario matar el servidor de pantalla y escribir en dispositivo X.Org /dev/xf86, lo cual permite a usuarios locales con privilegios de root reducir el nivel de seguridad reemplazando el manejador del Modo de Administraci\u00f3n de Sistema (System Management Mode o SMM) mediante una escritura a una direcci\u00f3n SMRAM dentro de /dev/xf86 (esto es el rango de E/S mapeado en memoria para la tarjeta de v\u00eddeo), y entonces lanzando el nuevo manejador mediante una Interrupci\u00f3n de Administraci\u00f3n de Sistema (System Management Interrupt o SMI), tal y como se ha demostrado con una escritura al puerto de E/S Programada 0xB2."}], "id": "CVE-2006-6730", "lastModified": "2024-11-21T00:23:30.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-26T23:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.freedesktop.org/archives/xorg/2004-June/000927.html"}, {"source": "cve@mitre.org", "url": "http://www.cansecwest.com/slides06/csw06-duflot.ppt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454379/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454510/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/454706/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freedesktop.org/archives/xorg/2004-June/000927.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cansecwest.com/slides06/csw06-duflot.ppt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454379/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454510/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454706/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}