Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-6304
Last Modified 19 Mar 2012 12:00:00
Published 14 Dec 2006 03:28:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-6304

Summary

The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.19


References

BID - 21591

REDHAT - RHSA-2010:0095

REDHAT - RHSA-2010:0046

VUPEN - ADV-2006-5002

TRUSTIX - 2006-0074

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.1

CONFIRM - http://support.avaya.com/css/P8/documents/100073666

SECUNIA - 23349


Last Updated: 27 May 2016 10:42:30