1. CVE-Search
  2. CVE-2006-3626
ID CVE-2006-3626
Summary Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 18-10-2018 - 16:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:01:02.294-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
family unix
id oval:org.mitre.oval:def:10060
status accepted
submitted 2010-07-09T03:56:16-04:00
title Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
version 29
redhat via4
advisories
rhsa
id RHSA-2006:0617
rpms
  • kernel-0:2.6.9-42.0.2.EL
  • kernel-debuginfo-0:2.6.9-42.0.2.EL
  • kernel-devel-0:2.6.9-42.0.2.EL
  • kernel-doc-0:2.6.9-42.0.2.EL
  • kernel-hugemem-0:2.6.9-42.0.2.EL
  • kernel-hugemem-devel-0:2.6.9-42.0.2.EL
  • kernel-largesmp-0:2.6.9-42.0.2.EL
  • kernel-largesmp-devel-0:2.6.9-42.0.2.EL
  • kernel-smp-0:2.6.9-42.0.2.EL
  • kernel-smp-devel-0:2.6.9-42.0.2.EL
refmap via4
bid 18992
bugtraq 20060717 rPSA-2006-0130-1 kernel
confirm
debian DSA-1111
fulldisc 20060714 Linux kernel 0day - dynamite inside, don't burn your fingers
mandriva MDKSA-2006:124
osvdb 27120
secunia
  • 21041
  • 21057
  • 21073
  • 21119
  • 21123
  • 21179
  • 21498
  • 21605
  • 22174
suse
  • SUSE-SA:2006:042
  • SUSE-SA:2006:047
  • SUSE-SA:2006:049
  • SUSE-SR:2006:017
ubuntu
  • USN-319-1
  • USN-319-2
vupen ADV-2006-2816
xf linux-proc-race-condition(27790)
statements via4
contributor Mark J Cox
lastmodified 2006-07-19
organization Red Hat
statement This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels. The exploit relies on the kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail. We are not currently aware of any way to exploit this vulnerability if a.out binary format is not enabled. In addition, a default installation of these OS enables SELinux in enforcing mode. SELinux also completely blocks attempts to exploit this issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10
Last major update 18-10-2018 - 16:48
Published 18-07-2006 - 15:46
Last modified 18-10-2018 - 16:48
Back to Top