Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-2071

Disclosure Date: April 27, 2006
CVE-2006-2071
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • linux

Products

  • linux kernel 2.4.0,
  • linux kernel 2.4.1,
  • linux kernel 2.4.10,
  • linux kernel 2.4.11,
  • linux kernel 2.4.12,
  • linux kernel 2.4.13,
  • linux kernel 2.4.14,
  • linux kernel 2.4.15,
  • linux kernel 2.4.16,
  • linux kernel 2.4.17,
  • linux kernel 2.4.18,
  • linux kernel 2.4.19,
  • linux kernel 2.4.2,
  • linux kernel 2.4.20,
  • linux kernel 2.4.21,
  • linux kernel 2.4.22,
  • linux kernel 2.4.23,
  • linux kernel 2.4.23 ow2,
  • linux kernel 2.4.24,
  • linux kernel 2.4.24 ow1,
  • linux kernel 2.4.25,
  • linux kernel 2.4.26,
  • linux kernel 2.4.27,
  • linux kernel 2.4.28,
  • linux kernel 2.4.29,
  • linux kernel 2.4.3,
  • linux kernel 2.4.30,
  • linux kernel 2.4.31,
  • linux kernel 2.4.32,
  • linux kernel 2.4.33,
  • linux kernel 2.4.4,
  • linux kernel 2.4.5,
  • linux kernel 2.4.6,
  • linux kernel 2.4.7,
  • linux kernel 2.4.8,
  • linux kernel 2.4.9,
  • linux kernel 2.6 test9 cvs,
  • linux kernel 2.6.0,
  • linux kernel 2.6.1,
  • linux kernel 2.6.10,
  • linux kernel 2.6.11,
  • linux kernel 2.6.11.11,
  • linux kernel 2.6.11.12,
  • linux kernel 2.6.11.5,
  • linux kernel 2.6.11.6,
  • linux kernel 2.6.11.7,
  • linux kernel 2.6.11.8,
  • linux kernel 2.6.12,
  • linux kernel 2.6.12.1,
  • linux kernel 2.6.12.2,
  • linux kernel 2.6.12.3,
  • linux kernel 2.6.12.4,
  • linux kernel 2.6.12.5,
  • linux kernel 2.6.12.6,
  • linux kernel 2.6.13,
  • linux kernel 2.6.13.1,
  • linux kernel 2.6.13.2,
  • linux kernel 2.6.13.3,
  • linux kernel 2.6.13.4,
  • linux kernel 2.6.14,
  • linux kernel 2.6.14.1,
  • linux kernel 2.6.14.2,
  • linux kernel 2.6.14.3,
  • linux kernel 2.6.14.4,
  • linux kernel 2.6.14.5,
  • linux kernel 2.6.15,
  • linux kernel 2.6.15.1,
  • linux kernel 2.6.15.2,
  • linux kernel 2.6.15.3,
  • linux kernel 2.6.15.4,
  • linux kernel 2.6.15.5,
  • linux kernel 2.6.16,
  • linux kernel 2.6.2,
  • linux kernel 2.6.3,
  • linux kernel 2.6.4,
  • linux kernel 2.6.5,
  • linux kernel 2.6.6,
  • linux kernel 2.6.7,
  • linux kernel 2.6.8,
  • linux kernel 2.6.9

References

Canonical
CVE-2006-2071 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071)
Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9978
ADV-2006-4502 (http://www.vupen.com/english/advisories/2006/4502)
XF-linux-mprotect-security-bypass(26169) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26169)
ADV-2006-1391 (http://www.vupen.com/english/advisories/2006/1391)
http://www.redhat.com/support/errata/RHSA-2006-0579.html
SECUNIA-20716 (http://secunia.com/advisories/20716)
SECUNIA-22875 (http://secunia.com/advisories/22875)
SECUNIA-22292 (http://secunia.com/advisories/22292)
http://www.redhat.com/support/errata/RHSA-2006-0689.html
http://www.vmware.com/download/esx/esx-202-200610-patch.html
USN-302-1 (http://www.ubuntu.com/usn/usn-302-1)
20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (http://www.securityfocus.com/archive/1/451426/100/200/threaded)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073
SECUNIA-21035 (http://secunia.com/advisories/21035)
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
SECUNIA-23064 (http://secunia.com/advisories/23064)
http://www.vmware.com/download/esx/esx-254-200610-patch.html
http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
SECUNIA-22497 (http://secunia.com/advisories/22497)
20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (http://www.securityfocus.com/archive/1/451404/100/0/threaded)
OSVDB-25139 (http://www.osvdb.org/25139)
SECUNIA-22945 (http://secunia.com/advisories/22945)
http://www.redhat.com/support/errata/RHSA-2006-0710.html
20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (http://www.securityfocus.com/archive/1/451417/100/200/threaded)
http://www.kernel.org/git?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (http://www.securityfocus.com/archive/1/451419/100/200/threaded)
SECUNIA-20157 (http://secunia.com/advisories/20157)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis