CVE-2006-2071

Description

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.

CVSS Metrics

• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.11%• Percentile: 28%

Affected Systems

• linux•linux_kernel

  2.4.0 | 2.4.0:test1 | 2.4.0:test10 | 2.4.0:test11 | 2.4.0:test12 | 2.4.0:test2 | 2.4.0:test3 | 2.4.0:test4 | 2.4.0:test5 | 2.4.0:test6 | 2.4.0:test7 | 2.4.0:test8 | 2.4.0:test9 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.18:pre1 | 2.4.18:pre2 | 2.4.18:pre3 | 2.4.18:pre4 | 2.4.18:pre5 | 2.4.18:pre6 | 2.4.18:pre7 | 2.4.18:pre8 | 2.4.19 | 2.4.19:pre1 | 2.4.19:pre2 | 2.4.19:pre3 | 2.4.19:pre4 | 2.4.19:pre5 | 2.4.19:pre6 | 2.4.20 | 2.4.21 | 2.4.21:pre1 | 2.4.21:pre4 | 2.4.21:pre7 | 2.4.22 | 2.4.23 | 2.4.23:pre9 | 2.4.23_ow2 | 2.4.24 | 2.4.24_ow1 | 2.4.25 | 2.4.26 | 2.4.27 | 2.4.27:pre1 | 2.4.27:pre2 | 2.4.27:pre3 | 2.4.27:pre4 | 2.4.27:pre5 | 2.4.28 | 2.4.29 | 2.4.29:rc1 | 2.4.29:rc2 | 2.4.30 | 2.4.30:rc2 | 2.4.30:rc3 | 2.4.31 | 2.4.31:pre1 | 2.4.32 | 2.4.32:pre1 | 2.4.32:pre2 | 2.4.33:pre1 | 2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.9:2.6.20 | 2.6.10 | 2.6.10:rc2 | 2.6.11 | 2.6.11:rc2 | 2.6.11:rc3 | 2.6.11:rc4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.11 | 2.6.11.12 | 2.6.12:rc1 | 2.6.12:rc4 | 2.6.12:rc5 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.13 | 2.6.13:rc1 | 2.6.13:rc4 | 2.6.13:rc6 | 2.6.13:rc7 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.14 | 2.6.14:rc1 | 2.6.14:rc2 | 2.6.14:rc3 | 2.6.14:rc4 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.15 | 2.6.15:rc1 | 2.6.15:rc3 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.16 | 2.6_test9_cvs

References (31)

• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9978
• http://www.vupen.com/english/advisories/2006/4502
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26169
• http://www.vupen.com/english/advisories/2006/1391
• http://www.redhat.com/support/errata/RHSA-2006-0579.html
• http://secunia.com/advisories/20716
• http://secunia.com/advisories/22875
• http://secunia.com/advisories/22292
• http://www.redhat.com/support/errata/RHSA-2006-0689.html
• http://www.vmware.com/download/esx/esx-202-200610-patch.html
• http://www.ubuntu.com/usn/usn-302-1
• http://www.securityfocus.com/archive/1/451426/100/200/threaded
• https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073
• http://secunia.com/advisories/21035
• http://www.vmware.com/download/esx/esx-213-200610-patch.html
• http://www.redhat.com/support/errata/RHSA-2006-0580.html
• http://secunia.com/advisories/23064
• http://www.vmware.com/download/esx/esx-254-200610-patch.html
• http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
• http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
• http://secunia.com/advisories/22497
• http://www.securityfocus.com/archive/1/451404/100/0/threaded
• http://www.osvdb.org/25139
• http://secunia.com/advisories/22945
• http://www.redhat.com/support/errata/RHSA-2006-0710.html
• http://www.securityfocus.com/archive/1/451417/100/200/threaded
• http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
• http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
• http://www.securityfocus.com/archive/1/451419/100/200/threaded
• http://secunia.com/advisories/20157