3.6

CVE-2006-1524

madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability.  NOTE: this description was originally written in a way that combined two separate issues.  The mprotect issue now has a separate name, CVE-2006-2071.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.6.16
LinuxLinux Kernel Version2.6.16.1
LinuxLinux Kernel Version2.6.16.2
LinuxLinux Kernel Version2.6.16.3
LinuxLinux Kernel Version2.6.16.4
LinuxLinux Kernel Version2.6.16.5
LinuxLinux Kernel Version2.6.16.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.339
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20914
Vendor Advisory
http://www.debian.org/security/2006/dsa-1103
http://www.vupen.com/english/advisories/2006/2554
Vendor Advisory
http://secunia.com/advisories/20398
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://secunia.com/advisories/20671
Vendor Advisory
http://www.debian.org/security/2006/dsa-1097
http://lwn.net/Alerts/180820/
http://secunia.com/advisories/19735
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1475
Vendor Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
http://secunia.com/advisories/19657
Patch
Vendor Advisory
http://secunia.com/advisories/19664
Vendor Advisory
http://www.osvdb.org/24714
http://www.securityfocus.com/bid/17587
Patch
http://www.vupen.com/english/advisories/2006/1391
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25870