SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2006-3626

Date: (C)2006-07-18 (M)2023-12-22

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.2
Exploit Score: 1.9
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html

http://www.securityfocus.com/archive/1/440300/100/0/threaded

SUSE-SA:2006:042

SUSE-SA:2006:047

SUSE-SA:2006:049

SUSE-SR:2006:017

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5

http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=0cb8f20d000c25118947fcafa81606300ced35f8%3Bhp=243a94af0427b2630fb85f489a5419410dac3bfc%3Bhb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3%3Bf=fs/proc/base.c

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973

linux-proc-race-condition(27790)

oval:org.mitre.oval:def:10060

cpe:/o:linux:linux_kernel:2.6.17
cpe:/o:linux:linux_kernel:2.6.16
cpe:/o:linux:linux_kernel:2.6.16.19
cpe:/o:linux:linux_kernel:2.6.16.18
...

© SecPod Technologies