#VU95460 Race condition in Linux kernel - CVE-2006-3626
Vulnerability identifier: #VU95460
Vulnerability risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5
https://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
https://secunia.com/advisories/21041
https://secunia.com/advisories/21057
https://secunia.com/advisories/21073
https://secunia.com/advisories/21119
https://secunia.com/advisories/21123
https://secunia.com/advisories/21179
https://secunia.com/advisories/21498
https://secunia.com/advisories/21605
https://secunia.com/advisories/22174
https://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
https://www.debian.org/security/2006/dsa-1111
https://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=0cb8f20d000c25118947fcafa81606300ced35f8;hp=243a94af0427b2630fb85f489a5419410dac3bfc;hb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3;f=fs/proc/base.c
https://www.mandriva.com/security/advisories?name=MDKSA-2006:124
https://www.novell.com/linux/security/advisories/2006_17_sr.html
https://www.novell.com/linux/security/advisories/2006_42_kernel.html
https://www.novell.com/linux/security/advisories/2006_47_kernel.html
https://www.novell.com/linux/security/advisories/2006_49_kernel.html
https://www.osvdb.org/27120
https://www.redhat.com/support/errata/RHSA-2006-0617.html
https://www.securityfocus.com/archive/1/440300/100/0/threaded
https://www.securityfocus.com/bid/18992
https://www.ubuntu.com/usn/usn-319-2
https://www.vupen.com/english/advisories/2006/2816
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973
https://exchange.xforce.ibmcloud.com/vulnerabilities/27790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060
https://usn.ubuntu.com/319-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
