Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv2

CVE-2006-3626

Published: 18/07/2006 Updated: 07/11/2023
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 560
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

Race condition in Linux kernel 2.6.17.4 and previous versions allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 2.6.17

linux linux kernel 2.6.16.16

linux linux kernel 2.6.16.9

linux linux kernel 2.6.16.6

linux linux kernel 2.6.16.8

linux linux kernel 2.6.16

linux linux kernel 2.6.17.2

linux linux kernel 2.6.17.4

linux linux kernel 2.6.16.18

linux linux kernel 2.6.16.13

linux linux kernel 2.6.16.4

linux linux kernel 2.6.17.3

linux linux kernel 2.6.16.15

linux linux kernel 2.6.16.1

linux linux kernel 2.6.16.11

linux linux kernel 2.6.16.14

linux linux kernel 2.6.16.21

linux linux kernel 2.6.16.23

linux linux kernel 2.6.16.3

linux linux kernel 2.6.17.1

linux linux kernel 2.6.16.22

linux linux kernel 2.6.16.10

linux linux kernel 2.6.16.24

linux linux kernel 2.6.16.17

linux linux kernel 2.6.16.12

linux linux kernel 2.6.16.2

linux linux kernel 2.6.16.7

linux linux kernel 2.6.16.5

linux linux kernel 2.6.16.19

linux linux kernel 2.6.16.20

Vendor Advisories

Ubuntu Security Notice: linux-source-2.6.10, linux-source-2.6.12 vulnerability
USN-319-1 fixed a Linux kernel vulnerability in Ubuntu 606 LTS This followup advisory provides the corresponding updates for Ubuntu 504 and 510 ...
Ubuntu Security Notice: linux-source-2.6.15 vulnerability
A race condition has been discovered in the file permission handling of the /proc file system A local attacker could exploit this to execute arbitrary code with full root privileges ...
Debian Security Advisories: DSA-1111-2 kernel-source-2.6.8 -- race condition
It was discovered that a race condition in the process filesystem can lead to privilege escalation The following matrix explains which kernel version for which architecture fixes the problem mentioned above: Debian 31 (sarge) Source 268-16sarge4 Alpha architecture 268-16sarge4 AMD64 architecture 268-16sarge4 Intel I ...

References

NVD-CWE-Otherhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.htmlhttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973http://www.ubuntu.com/usn/usn-319-2http://www.securityfocus.com/bid/18992http://secunia.com/advisories/21041http://secunia.com/advisories/21073http://secunia.com/advisories/21119http://www.debian.org/security/2006/dsa-1111http://www.novell.com/linux/security/advisories/2006_17_sr.htmlhttp://secunia.com/advisories/21123http://www.novell.com/linux/security/advisories/2006_42_kernel.htmlhttp://secunia.com/advisories/21179http://secunia.com/advisories/21057http://www.novell.com/linux/security/advisories/2006_47_kernel.htmlhttp://www.novell.com/linux/security/advisories/2006_49_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0617.htmlhttp://secunia.com/advisories/21605http://support.avaya.com/elmodocs2/security/ASA-2006-203.htmhttp://secunia.com/advisories/22174http://www.osvdb.org/27120http://secunia.com/advisories/21498http://www.mandriva.com/security/advisories?name=MDKSA-2006:124http://www.vupen.com/english/advisories/2006/2816https://exchange.xforce.ibmcloud.com/vulnerabilities/27790https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060https://usn.ubuntu.com/319-1/http://www.securityfocus.com/archive/1/440300/100/0/threadedhttp://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=0cb8f20d000c25118947fcafa81606300ced35f8%3Bhp=243a94af0427b2630fb85f489a5419410dac3bfc%3Bhb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3%3Bf=fs/proc/base.chttps://nvd.nist.govhttps://usn.ubuntu.com/319-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook