CVE

CVE-2007-6206
Date: (C)2007-12-03   (M)2024-02-22


The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/487808/100/0/threaded
BID-26701
SECUNIA-27908
SECUNIA-28141
SECUNIA-28643
SECUNIA-28706
SECUNIA-28748
SECUNIA-28826
SECUNIA-28889
SECUNIA-28971
SECUNIA-29058
SECUNIA-30110
SECUNIA-30818
SECUNIA-30962
SECUNIA-31246
SECUNIA-33280
ADV-2007-4090
ADV-2008-2222
DSA-1436
DSA-1503
DSA-1504
MDVSA-2008:044
MDVSA-2008:086
MDVSA-2008:112
RHSA-2008:0055
RHSA-2008:0089
RHSA-2008:0211
RHSA-2008:0787
SUSE-SA:2008:007
SUSE-SA:2008:030
SUSE-SA:2008:032
USN-574-1
USN-578-1
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
http://bugzilla.kernel.org/show_bug.cgi?id=3043
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
kernel-core-dump-information-disclosure(38841)
oval:org.mitre.oval:def:10719

CPE    12
cpe:/o:linux:linux_kernel:2.6.24:rc3
cpe:/o:opensuse:opensuse:10.3
cpe:/o:linux:linux_kernel:2.6.24:rc1
cpe:/o:linux:linux_kernel:2.6.24:rc2
...
CWE    1
CWE-200
OVAL    5
oval:org.mitre.oval:def:8130
oval:org.mitre.oval:def:8063
oval:org.secpod.oval:def:301433
oval:org.secpod.oval:def:301393
...

© SecPod Technologies