Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-3626

Disclosure Date: July 18, 2006
CVE-2006-3626
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • linux

Products

  • linux kernel 2.6.16,
  • linux kernel 2.6.16.1,
  • linux kernel 2.6.16.10,
  • linux kernel 2.6.16.11,
  • linux kernel 2.6.16.12,
  • linux kernel 2.6.16.13,
  • linux kernel 2.6.16.14,
  • linux kernel 2.6.16.15,
  • linux kernel 2.6.16.16,
  • linux kernel 2.6.16.17,
  • linux kernel 2.6.16.18,
  • linux kernel 2.6.16.19,
  • linux kernel 2.6.16.2,
  • linux kernel 2.6.16.20,
  • linux kernel 2.6.16.21,
  • linux kernel 2.6.16.22,
  • linux kernel 2.6.16.23,
  • linux kernel 2.6.16.24,
  • linux kernel 2.6.16.3,
  • linux kernel 2.6.16.4,
  • linux kernel 2.6.16.5,
  • linux kernel 2.6.16.6,
  • linux kernel 2.6.16.7,
  • linux kernel 2.6.16.8,
  • linux kernel 2.6.16.9,
  • linux kernel 2.6.17,
  • linux kernel 2.6.17.1,
  • linux kernel 2.6.17.2,
  • linux kernel 2.6.17.3,
  • linux kernel 2.6.17.4

References

Canonical
CVE-2006-3626 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3626)
BID-18992 (http://www.securityfocus.com/bid/18992)
Advisory
XF-linux-proc-race-condition(27790) (https://exchange.xforce.ibmcloud.com/vulnerabilities/27790)
ADV-2006-2816 (http://www.vupen.com/english/advisories/2006/2816)
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
SECUNIA-21123 (http://secunia.com/advisories/21123)
http://www.redhat.com/support/errata/RHSA-2006-0617.html
SECUNIA-21057 (http://secunia.com/advisories/21057)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060
SECUNIA-21605 (http://secunia.com/advisories/21605)
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
SECUNIA-21073 (http://secunia.com/advisories/21073)
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5
http://www.kernel.org/git?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=0cb8f20d000c25118947fcafa81606300ced35f8;hp=243a94af0427b2630fb85f489a5419410dac3bfc;hb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3;f=fs/proc/base.c
SECUNIA-22174 (http://secunia.com/advisories/22174)
OSVDB-27120 (http://www.osvdb.org/27120)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:124
20060714 Linux kernel 0day - dynamite inside, don't burn your fingers (http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html)
USN-319-1 (https://usn.ubuntu.com/319-1)
DSA-1111 (http://www.debian.org/security/2006/dsa-1111)
SECUNIA-21498 (http://secunia.com/advisories/21498)
http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
SECUNIA-21041 (http://secunia.com/advisories/21041)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973
USN-319-2 (http://www.ubuntu.com/usn/usn-319-2)
SECUNIA-21119 (http://secunia.com/advisories/21119)
http://www.novell.com/linux/security/advisories/2006_49_kernel.html
20060717 rPSA-2006-0130-1 kernel (http://www.securityfocus.com/archive/1/440300/100/0/threaded)
SECUNIA-21179 (http://secunia.com/advisories/21179)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis