PT-2006-1063 · X.Org+2 · Libx11+8

Dirk Mueller +1 · Published 2006-08-28 · Updated 2011-03-08 · CVE-2006-4447

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: xdm versions prior to 1.0.4-r1
Description: The issue concerns multiple vulnerabilities in the xdm package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Specifically, X.Org and XFree86 components, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values of setuid and seteuid calls when attempting to drop privileges. This might allow local users to gain privileges by causing those calls to fail, for example by exceeding a ulimit, so that the program continues running with the privileges it intended to drop.
Recommendations: For xdm versions prior to 1.0.4-r1, update to version 1.0.4-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the xdm package to minimize the risk of exploitation.
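The root cause described above is a privilege drop whose result is never examined. The following is an added example (not code from the advisory, X.Org, or any of the listed packages) that places the unchecked pattern beside a hardened `drop_privileges()` which checks every call and verifies the resulting ids; the function names and the demo in `main()` are illustrative choices, not anything from the affected projects.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * The pattern the advisory describes: the process calls setgid()/setuid()
 * to shed root and never looks at the result. If setuid() fails (for
 * example with EAGAIN because the target uid is already at its process
 * ulimit), execution simply continues with the privileges it meant to drop.
 * Kept here only as the "before" picture; do not use this form.
 */
static void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    int rc_gid = setgid(gid);
    int rc_uid = setuid(uid);
    (void)rc_gid;   /* results discarded: this is the bug */
    (void)rc_uid;
}

/*
 * Hardened form: reject obviously invalid ids, check every call, and verify
 * afterwards that the real and effective ids really changed. Returns 0 on
 * success, -1 with errno set on any failure so the caller can abort instead
 * of carrying on with elevated privileges.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == (uid_t)-1 || gid == (gid_t)-1) {
        errno = EINVAL;
        return -1;
    }
    /* Supplementary groups can only be reset while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: once the uid is gone, setgid() can no longer succeed. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Belt and braces: confirm the kernel actually applied the change. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Stand-alone demo: drop to the caller's own ids (a no-op for an unprivileged user). */
int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    drop_privileges_unchecked(uid, gid);  /* vulnerable pattern, shown for contrast only */

    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("now running as uid=%u gid=%u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The post-call verification is the part worth copying: even a checked `setuid()` only reports what the kernel told it, whereas comparing `getuid()`/`geteuid()` against the target catches any path on which the ids did not change. A caller that gets -1 should terminate rather than fall through to the privileged code path.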


Related identifiers

BDU:2015-09522
CVE-2006-4447
DSA-1193-1

Affected products

Debian
Xfree86
Libx11
Xdm
Xf86Dga
Xinit
Xload
Xterm
Xtrans