[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1524Date: (C)2006-04-19   (M)2023-12-22


madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-17587
SECUNIA-19657
SECUNIA-19664
SECUNIA-19735
SECUNIA-20398
SECUNIA-20671
SECUNIA-20914
OSVDB-24714
ADV-2006-1391
ADV-2006-1475
ADV-2006-2554
DSA-1097
DSA-1103
FEDORA-2006-423
SUSE-SA:2006:028
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
linux-madvise-security-bypass(25870)

CPE    7
cpe:/o:linux:linux_kernel:2.6.16.5
cpe:/o:linux:linux_kernel:2.6.16.6
cpe:/o:linux:linux_kernel:2.6.16
cpe:/o:linux:linux_kernel:2.6.16.1
...
CWE    1
CWE-264

© SecPod Technologies