Rapid7 Vulnerability & Exploit Database

SUSE-SA:2006:049: kernel

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2006:049: kernel

Severity

CVSS

(AV:L/AC:H/Au:N/C:C/I:C/A:C)

Published

08/18/2006

Created

07/25/2018

Added

03/10/2008

Modified

11/18/2015

Description

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

Solution(s)

References

https://attackerkb.com/topics/cve-2006-2451
18847
18874
18992
CVE - 2006-2451
CVE - 2006-2935
CVE - 2006-3626
DSA-1111
DSA-1183
DSA-1184
27030
27120
OVAL10060
OVAL10886
OVAL11336
RHSA-2006:0574
RHSA-2006:0617
RHSA-2006:0710
RHSA-2007:0012
RHSA-2007:0013
SUSE-SA:2006:042
SUSE-SA:2006:047
SUSE-SA:2006:049
SUSE-SA:2006:064
http://bugzilla.kernel.org/show_bug.cgi?id=2966
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195902
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:124
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:150
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:151
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
http://support.avaya.com/elmodocs2/security/ASA-2006-162.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm
http://www.debian.org/security/2006/dsa-1111
http://www.debian.org/security/2006/dsa-1183
http://www.debian.org/security/2006/dsa-1184
http://www.frsirt.com/english/advisories/2006/2680
http://www.frsirt.com/english/advisories/2006/2699
http://www.frsirt.com/english/advisories/2006/2816
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=0cb8f20d000c25118947fcafa81606300ced35f8;hp=243a94af0427b2630fb85f489a5419410dac3bfc;hb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3;f=fs/proc/base.c
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.24
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4
http://www.mandriva.com/security/advisories?name=MDKSA-2006:124
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
http://www.novell.com/linux/security/advisories/2006_49_kernel.html
http://www.securityfocus.com/archive/1/439610/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/439483/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/439869/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/440057/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/440117/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/440118/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/440300/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/440379/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/444887/100/0/threaded
http://www.ubuntu.com/usn/usn-311-1
http://www.ubuntu.com/usn/usn-319-2
http://www.ubuntu.com/usn/usn-331-1
http://www.ubuntu.com/usn/usn-346-1
http://www.ubuntulinux.org/support/documentation/usn/usn-319-1
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973
https://issues.rpath.com/browse/RPL-488
https://issues.rpath.com/browse/RPL-611
27579
27790

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;