Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-1524 | First vendor Publication | 2006-04-19 |
| Vendor | Cve | Last vendor Modification | 2017-07-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.6 | Attack Range | Local |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1524 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 1097-1 (kernel-source-2.4.27) File : nvt/deb_1097_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1103-1 (kernel-source-2.6.8) File : nvt/deb_1103_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 24714 | Linux Kernel madvise_remove IPC Permission Bypass The Linux Kernel contains a flaw that may allow a malicious user to bypass IPC permissions. The issue is triggered because a 'madvise_remove' call does not follow file and mmap restrictions. It is possible that the flaw may allow an attacker to bypass IPC permissions and replace portions of readonly TMPFS files with zeroes, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1097.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1103.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-421.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-423.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:04:00 |
|
| 2024-02-01 12:01:53 |
|
| 2023-09-05 12:03:45 |
|
| 2023-09-05 01:01:44 |
|
| 2023-09-02 12:03:48 |
|
| 2023-09-02 01:01:45 |
|
| 2023-08-12 12:04:28 |
|
| 2023-08-12 01:01:45 |
|
| 2023-08-11 12:03:52 |
|
| 2023-08-11 01:01:47 |
|
| 2023-08-06 12:03:39 |
|
| 2023-08-06 01:01:46 |
|
| 2023-08-04 12:03:43 |
|
| 2023-08-04 01:01:48 |
|
| 2023-07-14 12:03:43 |
|
| 2023-07-14 01:01:47 |
|
| 2023-03-29 01:03:58 |
|
| 2023-03-28 12:01:51 |
|
| 2022-10-11 12:03:18 |
|
| 2022-10-11 01:01:38 |
|
| 2021-05-04 12:03:51 |
|
| 2021-04-22 01:04:24 |
|
| 2020-05-23 00:17:35 |
|
| 2017-07-20 09:23:28 |
|
| 2016-06-28 15:42:12 |
|
| 2016-04-26 14:27:27 |
|
| 2014-02-17 10:35:17 |
|
| 2013-05-11 10:52:55 |
|
