Information exposure in Linux kernel - CVE-2006-4813
Published: October 12, 2006 / Updated: February 13, 2023
Vulnerability identifier: #VU99893
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2006-4813
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
How to mitigate CVE-2006-4813
Install update from vendor's repository.
Sources
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207463
- http://www.us.debian.org/security/2006/dsa-1233
- http://www.ubuntu.com/usn/usn-395-1
- http://secunia.com/advisories/23370
- http://secunia.com/advisories/23384
- http://www.novell.com/linux/security/advisories/2006_79_kernel.html
- http://www.securityfocus.com/bid/21522
- http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
- http://rhn.redhat.com/errata/RHSA-2007-0014.html
- http://secunia.com/advisories/23752
- http://secunia.com/advisories/23997
- http://secunia.com/advisories/24206
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://secunia.com/advisories/23474
- http://osvdb.org/31376
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11701
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=152becd26e0563aefdbc4fd1fe491928efe92d1f