Improper access control in Linux kernel - CVE-2006-5871
Published: December 12, 2006 / Updated: October 11, 2017
Vulnerability identifier: #VU95577
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2006-5871
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to read and manipulate data.
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings.
How to mitigate CVE-2006-5871
Install update from vendor's repository.
Sources
- http://secunia.com/advisories/23361
- http://secunia.com/advisories/23370
- http://secunia.com/advisories/23395
- http://secunia.com/advisories/25683
- http://www.debian.org/security/2006/dsa-1233
- http://www.novell.com/linux/security/advisories/2007_35_kernel.html
- http://www.securityfocus.com/bid/21523
- http://www.us.debian.org/security/2006/dsa-1237
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10171