fkie_cve-2006-3626
Vulnerability from fkie_nvd
Published
2006-07-18 15:46
Modified
2025-04-03 01:03
Severity ?
Summary
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1369C4A-EF3B-4805-9046-ADA38ED940C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC3639E1-B5E4-4DD6-80D4-BA07D192C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*",
"matchCriteriaId": "54393D69-B368-4296-9798-D81570495C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6791A801-9E06-47DD-912F-D8594E2F6B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*",
"matchCriteriaId": "AE90CCED-3A5B-46E3-A6B0-4865AB786289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*",
"matchCriteriaId": "CBFF6DE7-6D7C-469A-9B2D-2F6E915F55B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86E452E4-45A9-4469-BF69-F40B6598F0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5751AC4-A60F-42C6-88E5-FC8CFEE6F696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF886A6-7E73-47AD-B6A5-A9EC5BEDCD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48777A01-8F36-4752-8F7A-1D1686C69A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42DA6A18-5AA1-4920-94C6-8D0BB73C5352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "992EA5DE-5A5B-4782-8B5A-BDD8D6FB1E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F0211-2D3E-4260-AD63-E83AE4EC4AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4E1245-C6BB-462C-9E27-C608595DAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "747F1324-AEFA-496F-9447-12CD13114F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "795C3B17-687E-4F33-AA99-8FEC16F14693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BDD5C7-9B6A-41B5-8679-5062B8A6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "190D5E2C-AD60-41F4-B29D-FB8EA8CB5FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B81A4DD-2ADE-4455-B517-5E4E0532D5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD589CC-666B-4FAA-BCF0-91C484BDDB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD622EE-A840-42E1-B6BF-4AA27D039B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*",
"matchCriteriaId": "900D6742-DE0F-45C5-A812-BF84088CB02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*",
"matchCriteriaId": "225CA94C-8C84-4FA6-95D0-160A0016FBFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D88ED3C4-64C5-44B2-9F23-E16087046C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB31E5-190C-489A-AB30-910D2CC854F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4A781A-4A41-466F-8426-10B40CF8BA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED29B3F-456B-4767-8E59-8C19A3B7E1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F6316369-B54A-4E59-A022-E0610353B284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*",
"matchCriteriaId": "073C3CE0-E12D-4545-8460-5A1514271D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*",
"matchCriteriaId": "670FAA25-A86F-4E04-A3A0-0B3FF6CF9C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "980A6C7D-6175-4A44-8377-74AA7A9FD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C226902-04D9-4F32-866C-20225841ECF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C6EDD210-6E7B-4BD8-96C2-2C22FEE7DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*",
"matchCriteriaId": "655DB612-AF49-4C17-AFB9-2E33EE8E0572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*",
"matchCriteriaId": "7EE30F34-EE81-4E1E-BF9F-A7A36B78B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*",
"matchCriteriaId": "E1F65DF2-2794-47B7-9676-CCF150683CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3068F-2F64-4BBC-BA3C-FB56A2FBED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6555D45B-D3B3-4455-AB1E-E513F9FB6139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA5E262-7825-496F-AA72-0AD6DE6F3C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56C6C01B-4CED-4F37-A415-0603496C27DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en Linux kernel 2.6.17.4 y anteriores permite a usuarios locales ganar privilegios de root a trav\u00e9s del uso de prctl con PR_SET_DUMPABLE en un camino que hace que /proc/self/environ llegue a tener el setuid de root."
}
],
"id": "CVE-2006-3626",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-18T15:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21041"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21057"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21073"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21119"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21123"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21179"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21498"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21605"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22174"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1111"
},
{
"source": "cve@mitre.org",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=0cb8f20d000c25118947fcafa81606300ced35f8%3Bhp=243a94af0427b2630fb85f489a5419410dac3bfc%3Bhb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3%3Bf=fs/proc/base.c"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:124"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_49_kernel.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27120"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440300/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18992"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-319-2"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2816"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27790"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/319-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=0cb8f20d000c25118947fcafa81606300ced35f8%3Bhp=243a94af0427b2630fb85f489a5419410dac3bfc%3Bhb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3%3Bf=fs/proc/base.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_49_kernel.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440300/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-319-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/319-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels.\n\nThe exploit relies on the kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail. We are not currently\naware of any way to exploit this vulnerability if a.out binary format is not enabled. In addition, a default installation of these OS enables SELinux in enforcing mode. SELinux also completely blocks attempts to exploit this issue.\n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10",
"lastModified": "2006-07-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…