CVE-2006-5174 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5174
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5174

Description: The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29378 SUSE http://www.novell.com/linux/security/advisories/2006_79_kernel.html ST 1017090 SAID Secunia Advisory: SA23474 Secunia Advisory: SA24206 Secunia Advisory: SA23997 Secunia Advisory: SA22289 Secunia Advisory: SA23370 Secunia Advisory: SA23395 Secunia Advisory: SA23064 Secunia Advisory: SA22497 REDHAT http://rhn.redhat.com/errata/RHSA-2007-0014.html http://www.redhat.com/support/errata/RHSA-2006-0710.html MLIST http://lkml.org/lkml/2006/11/5/46 DEBIAN http://www.us.debian.org/security/2006/dsa-1237 http://www.us.debian.org/security/2006/dsa-1233 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=52149ba6b0ddf3e9d965257cc0513193650b3ea8 BID 20379

Return to the previous page.