Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2006-2451

Published: 07/07/2006 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 485
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

The suid_dumpable support in Linux kernel 2.6.13 up to versions prior to 2.6.17.4, and 2.6.16 prior to 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 2.6.17

linux linux kernel 2.6.16.16

linux linux kernel 2.6.16.9

linux linux kernel 2.6.14

linux linux kernel 2.6.15.3

linux linux kernel 2.6.16.6

linux linux kernel 2.6.16.8

linux linux kernel 2.6.16

linux linux kernel 2.6.14.7

linux linux kernel 2.6.13

linux linux kernel 2.6.17.2

linux linux kernel 2.6.15

linux linux kernel 2.6.13.3

linux linux kernel 2.6.14.4

linux linux kernel 2.6.16.18

linux linux kernel 2.6.14.3

linux linux kernel 2.6.16.13

linux linux kernel 2.6.16.4

linux linux kernel 2.6.17.3

linux linux kernel 2.6.16.15

linux linux kernel 2.6.15.6

linux linux kernel 2.6.15.1

linux linux kernel 2.6.16.1

linux linux kernel 2.6.14.5

linux linux kernel 2.6.13.2

linux linux kernel 2.6.13.5

linux linux kernel 2.6.16.11

linux linux kernel 2.6.16.14

linux linux kernel 2.6.16.21

linux linux kernel 2.6.14.1

linux linux kernel 2.6.16.23

linux linux kernel 2.6.15.7

linux linux kernel 2.6.16.3

linux linux kernel 2.6.14.6

linux linux kernel 2.6.17.1

linux linux kernel 2.6.13.4

linux linux kernel 2.6.15.2

linux linux kernel 2.6.16.22

linux linux kernel 2.6.16.10

linux linux kernel 2.6.15.4

linux linux kernel 2.6.16.17

linux linux kernel 2.6.16.12

linux linux kernel 2.6.16.2

linux linux kernel 2.6.14.2

linux linux kernel 2.6.16.7

linux linux kernel 2.6.16.5

linux linux kernel 2.6.16.19

linux linux kernel 2.6.16.20

linux linux kernel 2.6.15.5

linux linux kernel 2.6.13.1

Vendor Advisories

Ubuntu Security Notice: linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities
A race condition was discovered in the do_add_counters() functions Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use thi ...

Exploits

Exploit DB: Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Local Privilege Escalation (1)
/*****************************************************/ /* Local r00t Exploit for: */ /* Linux Kernel PRCTL Core Dump Handling */ /* ( BID 18874 / CVE-2006-2451 ) */ /* Kernel 26x (&gt;= 2613 &amp;&amp; &lt; 26174) */ /* By: */ ...
Exploit DB: Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation
/* * $Id: raptor_prctl2c,v 13 2006/07/18 13:16:45 raptor Exp $ * * raptor_prctl2c - Linux 26x suid_dumpable2 (logrotate) * Copyright (c) 2006 Marco Ivaldi &lt;raptor@0xdeadbeefinfo&gt; * * The suid_dumpable support in Linux kernel 2613 up to versions before * 26174, and 2616 before 261624, allows a local user to ...
Exploit DB: Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Local Privilege Escalation (4)
#!/bin/sh # # PRCTL local root exp By: Sunix # + effected systems 2613&lt;= x &lt;=26174 + 269-22ELsmp # tested on Intel(R) Xeon(TM) CPU 320GHz # kernel 269-22ELsmp # maybe others # Tx to drayer &amp; RoMaNSoFt for their clear code # # zmia23@yahoocom cat &gt; /tmp/getsuidc &lt;&lt; __EOF__ #include &lt;stdioh&gt; #include & ...
Exploit DB: Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Local Privilege Escalation (3)
/* * $Id: raptor_prctlc,v 11 2006/07/13 14:21:43 raptor Exp $ * * raptor_prctlc - Linux 26x suid_dumpable vulnerability * Copyright (c) 2006 Marco Ivaldi &lt;raptor@0xdeadbeefinfo&gt; * * The suid_dumpable support in Linux kernel 2613 up to versions before * 26174, and 2616 before 261624, allows a local user to cause a denia ...
Exploit DB: Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Local Privilege Escalation (2)
/* Linux &gt;= 2613 prctl kernel exploit * * (C) Julien TINNES * * If you read the Changelog from 2613 you've probably seen: * [PATCH] setuid core dump * * This patch mainly adds suidsafe to suid_dumpable sysctl but also a new per process, * user setable argument to PR_SET_DUMPABLE * * This flaw allows us to create a root owned co ...
Exploit DB: rs_prctl_kernel.c
Local root exploit for the linux kernel PRCTL core dump handling vulnerability Affected kernel versions greater than or equal to 2613 and below version 26174 ...
Exploit DB: Linux 2.6.17.4 logrotate prctl() Local Root
Linux kernel versions 2613 through 26174 logrotate prctl() local root exploit ...
Exploit DB: Linux 2.6.x suid_dumpable Local Root
The suid_dumpable support in Linux kernel 2613 up to versions before 26174, and 2616 before 261624, allows a local user to cause a denial of service (disk consumption) and POSSIBLY gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the us ...

References

CWE-399http://www.redhat.com/support/errata/RHSA-2006-0574.htmlhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195902http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.24http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4http://www.ubuntu.com/usn/usn-311-1http://www.securityfocus.com/bid/18874http://secunia.com/advisories/20953https://issues.rpath.com/browse/RPL-488http://www.osvdb.org/27030http://securitytracker.com/id?1016451http://secunia.com/advisories/20965http://secunia.com/advisories/20986http://secunia.com/advisories/20991http://www.securityfocus.com/archive/1/439610/100/100/threadedhttp://www.novell.com/linux/security/advisories/2006_16_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_17_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_42_kernel.htmlhttp://secunia.com/advisories/21179http://www.novell.com/linux/security/advisories/2006_47_kernel.htmlhttp://www.novell.com/linux/security/advisories/2006_49_kernel.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-162.htmhttp://secunia.com/advisories/21966http://secunia.com/advisories/20960http://secunia.com/advisories/21498http://www.vupen.com/english/advisories/2006/2699https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11336http://www.securityfocus.com/archive/1/440379/100/0/threadedhttp://www.securityfocus.com/archive/1/440118/100/0/threadedhttp://www.securityfocus.com/archive/1/440117/100/0/threadedhttp://www.securityfocus.com/archive/1/440057/100/0/threadedhttp://www.securityfocus.com/archive/1/439869/100/0/threadedhttp://www.securityfocus.com/archive/1/439483/100/100/threadedhttp://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git%3Ba=commit%3Bh=0af184bb9f80edfbb94de46cb52e9592e5a547b0https://usn.ubuntu.com/311-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/2004/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook