CVE-2006-3626 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3626
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3626

Description: Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27790 UBUNTU http://www.ubuntu.com/usn/usn-319-2 http://www.ubuntulinux.org/support/documentation/usn/usn-319-1 SUSE http://www.novell.com/linux/security/advisories/2006_49_kernel.html http://www.novell.com/linux/security/advisories/2006_42_kernel.html http://www.novell.com/linux/security/advisories/2006_47_kernel.html http://www.novell.com/linux/security/advisories/2006_17_sr.html SAID Secunia Advisory: SA21119 Secunia Advisory: SA21041 Secunia Advisory: SA21073 Secunia Advisory: SA21123 Secunia Advisory: SA21179 Secunia Advisory: SA21057 Secunia Advisory: SA21605 Secunia Advisory: SA22174 Secunia Advisory: SA21498 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0617.html OSVDB 27120 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:124 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html DEBIAN http://www.debian.org/security/2006/dsa-1111 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=0cb8f20d000c25118947fcafa81606300ced35f8;hp=243a94af0427b2630fb85f489a5419410dac3bfc;hb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3;f=fs/proc/base.c http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/440300/100/0/threaded BID 18992

Return to the previous page.