Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2007-6206

Опубликовано: 04 дек. 2007
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 2.4.0 (включая) до 2.4.35.2 (включая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 2.6.0 (включая) до 2.6.24 (исключая)
cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

EPSS

Процентиль: 24%
0.00076
Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2007-6206

ubuntu
больше 17 лет назад

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

redhat логотип

CVE-2007-6206

redhat
почти 21 год назад

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

debian логотип

CVE-2007-6206

debian
больше 17 лет назад

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...

github логотип

GHSA-c42f-578r-22gx

github
около 3 лет назад

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

oracle-oval логотип

ELSA-2008-0089

oracle-oval
больше 17 лет назад

ELSA-2008-0089: Important: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 24%
0.00076
Низкий

2.1 Low

CVSS2

Дефекты

CWE-200