CVE-2006-6304
Date: (C)2006-12-14   (M)2024-02-22


The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
2006-0074
BID-21591
SECUNIA-23349
ADV-2006-5002
IAVM:2010-A-0015
RHSA-2010:0046
RHSA-2010:0095
http://support.avaya.com/css/P8/documents/100073666
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.1

CPE    1
cpe:/o:linux:linux_kernel:2.6.19
CWE    1
CWE-399
OVAL    3
oval:org.secpod.oval:def:201720
oval:org.secpod.oval:def:201799
oval:org.secpod.oval:def:500393

© SecPod Technologies