CVE-2006-6304

kernel: use flag in do_coredump()

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.

La función do_coredump en fs/exec.c del Kernel Linux 2.6.19.1, marca la bandera O_EXCL pero no la usa, lo cual permite a atacantes dependientes del contexto modificar ficheros de su elección mediante un ataque de sobreescritura durante un volcado de memoria.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-12-05 CVE Reserved
2006-12-14 CVE Published
2024-08-07 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (12)

URL	Tag	Source
http://support.avaya.com/css/P8/documents/100073666	X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.1	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10797	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7446	Signature

URL	Date	SRC

URL	Date	SRC
http://www.securityfocus.com/bid/21591	2017-10-11

URL	Date	SRC
http://secunia.com/advisories/23349	2017-10-11
http://www.trustix.org/errata/2006/0074	2017-10-11
http://www.vupen.com/english/advisories/2006/5002	2017-10-11
https://rhn.redhat.com/errata/RHSA-2010-0046.html	2017-10-11
https://rhn.redhat.com/errata/RHSA-2010-0095.html	2017-10-11
https://access.redhat.com/security/cve/CVE-2006-6304	2010-01-19
https://bugzilla.redhat.com/show_bug.cgi?id=537273	2010-01-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.19 Search vendor "Linux" for product "Linux Kernel" and version "2.6.19"		-		Affected