2.1

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.4.0 <= 2.4.35.2
LinuxLinux Kernel Version >= 2.6.0 < 2.6.24
LinuxLinux Kernel Version2.6.24 Update-
LinuxLinux Kernel Version2.6.24 Updaterc1
LinuxLinux Kernel Version2.6.24 Updaterc2
LinuxLinux Kernel Version2.6.24 Updaterc3
OpensuseOpensuse Version10.2
OpensuseOpensuse Version10.3
SuseLinux Enterprise Desktop Version10 Updatesp1
SuseLinux Enterprise Real Time Extension Version10 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp1
RedhatEnterprise Linux Eus Version4.6
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.338
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/29058
Third Party Advisory
http://www.debian.org/security/2008/dsa-1503
Third Party Advisory
http://secunia.com/advisories/33280
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0787.html
Third Party Advisory
http://www.debian.org/security/2008/dsa-1504
Third Party Advisory
http://secunia.com/advisories/28141
Third Party Advisory
http://secunia.com/advisories/28706
Third Party Advisory
http://secunia.com/advisories/28971
Third Party Advisory
http://www.debian.org/security/2007/dsa-1436
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
Third Party Advisory
http://www.ubuntu.com/usn/usn-574-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-578-1
Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/30110
Third Party Advisory
http://secunia.com/advisories/31246
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0211.html
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2222/references
Third Party Advisory
http://secunia.com/advisories/28643
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0089.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/28826
Third Party Advisory
http://secunia.com/advisories/30818
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
Broken Link
http://www.securityfocus.com/archive/1/487808/100/0/threaded
Third Party Advisory
VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2008-0055.html
Third Party Advisory
http://secunia.com/advisories/28748
Third Party Advisory
http://secunia.com/advisories/30962
Third Party Advisory
http://bugzilla.kernel.org/show_bug.cgi?id=3043
Vendor Advisory
Issue Tracking
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/27908
Third Party Advisory
http://secunia.com/advisories/28889
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:086
Third Party Advisory
http://www.securityfocus.com/bid/26701
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/4090
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38841
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719
Third Party Advisory