PT-2004-3755 · Debian+2 · Debian+2

Published

1970-01-01

Updated

2020-08-12

CVE-2007-6206

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Debian GNU/Linux kernel-image-2.4.27-4-itanium version 2.4.27-4 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-k7-smp version 2.4.27-4 Red Hat Enterprise Linux kernel-doc-2.4.9 version 2.4.9 Debian GNU/Linux kernel-headers-2.4.27-4-itanium-smp version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-sparc64 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-s390 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-k7 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-686-smp version 2.4.27-4 Red Hat Enterprise Linux kernel-BOOT-2.4.9 version 2.4.9 Debian GNU/Linux hostap-modules-2.4.27-4-386 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-s390-tape version 2.4.27-4 Red Hat Enterprise Linux kernel-smp-2.4.18 version 2.4.18 Debian GNU/Linux i2c-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-k7 version 2.4.27-4 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-386 version 2.4.27-4 Debian GNU/Linux hostap-modules-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux i2c-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux lm-sensors-2.4.27-4-k6 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-sparc64-smp version 2.4.27-4 Debian GNU/Linux kernel-build-2.4.27-4 version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-386 version 2.4.27-4 Red Hat Enterprise Linux kernel-source-2.4.18 version 2.4.18 Red Hat Enterprise Linux kernel-debug-2.4.9 version 2.4.9 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-686-smp version 2.4.27-4 Red Hat Enterprise Linux kernel-headers-2.4.9 version 2.4.9 Debian GNU/Linux kernel-image-2.4.27-4-generic version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-mckinley version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-k7-smp version 2.4.27-4 Debian GNU/Linux lm-sensors-2.4.27-4-686-smp version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-686-smp version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-k6 version 2.4.27-4 Debian GNU/Linux lm-sensors-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux hostap-modules-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-686-smp version 2.4.27-4 Red Hat Enterprise Linux kernel-summit-2.4.9 version 2.4.9 Debian GNU/Linux lm-sensors-2.4.27-4-386 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-sparc64 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-sparc32 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-mckinley-smp version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-itanium-smp version 2.4.27-4 Red Hat Enterprise Linux kernel-doc-2.4.18 version 2.4.18 Debian GNU/Linux kernel-image-2.4.27-4-k6 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-mckinley-smp version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-k7 version 2.4.27-4 Debian GNU/Linux hostap-modules-2.4.27-4-k7-smp version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux lm-sensors-2.4.27-4-k7 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-smp version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-smp version 2.4.27-4 Debian GNU/Linux i2c-2.4.27-4-686-smp version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-586tsc version 2.4.27-4 Debian GNU/Linux i2c-2.4.27-4-k7 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-generic version 2.4.27-4 Red Hat Enterprise Linux kernel-smp-2.4.9 version 2.4.9 Debian GNU/Linux kernel-headers-2.4.27-4-k7-smp version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-s390x version 2.4.27-4 Debian GNU/Linux lm-sensors-2.4.27-4-k7-smp version 2.4.27-4 Red Hat Enterprise Linux kernel-2.4.9 version 2.4.9 Debian GNU/Linux kernel-headers-2.4.27-4-mckinley version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-k7 version 2.4.27-4 Red Hat Enterprise Linux kernel-enterprise-2.4.9 version 2.4.9 Debian GNU/Linux kernel-image-2.4.27-4-sparc64-smp version 2.4.27-4 Debian GNU/Linux i2c-2.4.27-4-k7-smp version 2.4.27-4 Debian GNU/Linux kernel-pcmcia-modules-2.4.27-4-k6 version 2.4.27-4 Debian GNU/Linux lm-sensors-2.4.27-4-686 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-386 version 2.4.27-4 Debian GNU/Linux hostap-modules-2.4.27-4-k7 version 2.4.27-4 Red Hat Enterprise Linux kernel-2.4.18 version 2.4.18 Debian GNU/Linux kernel-headers-2.4.27-4-itanium version 2.4.27-4 Debian GNU/Linux hostap-modules-2.4.27-4-686-smp version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-sparc32 version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-k6 version 2.4.27-4 Debian GNU/Linux pcmcia-modules-2.4.27-4-k7-smp version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-sparc32-smp version 2.4.27-4 Debian GNU/Linux kernel-headers-2.4.27-4-386 version 2.4.27-4 Debian GNU/Linux i2c-2.4.27-4-k6 version 2.4.27-4 Red Hat Enterprise Linux kernel-source-2.4.9 version 2.4.9 Debian GNU/Linux i2c-2.4.27-4-386 version 2.4.27-4 Debian GNU/Linux hostap-modules-2.4.27-4-k6 version 2.4.27-4 Debian GNU/Linux kernel-image-2.4.27-4-sparc32-smp version 2.4.27-4

Description The issue is related to multiple vulnerabilities in various Linux kernel packages, which can lead to disruption of protected information. These vulnerabilities can be exploited remotely. The do coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-189CWE-399CWE-200

Related Identifiers

BDU:2015-03581

BDU:2015-03582

BDU:2015-03583

BDU:2015-03584

BDU:2015-03585

BDU:2015-03586

BDU:2015-03587

BDU:2015-03588

BDU:2015-03589

BDU:2015-03590

BDU:2015-03591

BDU:2015-03592

BDU:2015-03593

BDU:2015-03594

BDU:2015-03595

BDU:2015-03596

BDU:2015-03597

BDU:2015-03598

BDU:2015-03599

BDU:2015-03600

BDU:2015-03601

BDU:2015-03602

BDU:2015-03603

BDU:2015-03604

BDU:2015-03605

BDU:2015-03606

BDU:2015-03607

BDU:2015-03608

BDU:2015-03609

BDU:2015-03610

BDU:2015-03611

BDU:2015-03612

BDU:2015-03613

BDU:2015-03614

BDU:2015-03615

BDU:2015-03616

BDU:2015-03617

BDU:2015-03618

BDU:2015-03619

BDU:2015-03620

BDU:2015-03621

BDU:2015-03622

BDU:2015-03623

BDU:2015-03624

BDU:2015-03625

BDU:2015-03626

BDU:2015-03627

BDU:2015-03628

BDU:2015-03629

BDU:2015-03630

BDU:2015-03631

BDU:2015-03632

BDU:2015-03633

BDU:2015-03634

BDU:2015-03635

BDU:2015-03636

BDU:2015-03637

BDU:2015-03638

BDU:2015-03639

BDU:2015-03640

BDU:2015-03641

BDU:2015-03642

BDU:2015-03643

BDU:2015-03644

BDU:2015-03645

BDU:2015-03646

BDU:2015-03647

BDU:2015-03648

BDU:2015-03649

BDU:2015-03650

BDU:2015-03651

BDU:2015-03652

BDU:2015-03653

BDU:2015-03654

BDU:2015-06237

BDU:2015-06238

BDU:2015-06242

BDU:2015-06244

BDU:2015-06253

BDU:2015-06254

BDU:2015-06257

BDU:2015-06259

BDU:2015-06268

BDU:2015-06269

BDU:2015-06272

BDU:2015-06273

BDU:2015-06274

CVE-2007-6206

DSA-1436-1

DSA-1503-1

DSA-1503-2

DSA-1504-1

RHSA-2008:0055

RHSA-2008:0089

RHSA-2008:0211

RHSA-2008:0787

RHSA-2008_0055

RHSA-2008_0089

RHSA-2009:0001

Affected Products

Debian

Linux

Red Hat

PT-2004-3755 · Debian+2 · Debian+2

CVE-2007-6206

Weakness Enumeration

Related Identifiers

Affected Products

References · 523