CVE-2007-6206 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-6206
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-6206

Description: The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/38841 UBUNTU http://www.ubuntu.com/usn/usn-578-1 http://www.ubuntu.com/usn/usn-574-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html SAID Secunia Advisory: SA28706 Secunia Advisory: SA28748 Secunia Advisory: SA28141 Secunia Advisory: SA27908 Secunia Advisory: SA28826 Secunia Advisory: SA28889 Secunia Advisory: SA28971 Secunia Advisory: SA29058 Secunia Advisory: SA28643 Secunia Advisory: SA30818 Secunia Advisory: SA30962 Secunia Advisory: SA31246 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0211.html http://rhn.redhat.com/errata/RHSA-2008-0055.html http://www.redhat.com/support/errata/RHSA-2008-0089.html MLIST http://lists.vmware.com/pipermail/security-announce/2008/000023.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:044 http://www.mandriva.com/security/advisories?name=MDVSA-2008:086 http://www.mandriva.com/security/advisories?name=MDVSA-2008:112 DEBIAN http://www.debian.org/security/2008/dsa-1504 http://www.debian.org/security/2008/dsa-1503 http://www.debian.org/security/2007/dsa-1436 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af http://bugzilla.kernel.org/show_bug.cgi?id=3043 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/487808/100/0/threaded BID 26701

Return to the previous page.