CVE-2007-6206 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2007-6206?

CVE-2007-6206 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-6206?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension, Suse Linux Enterprise Server.

Vulnerability Description

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.4.0, <= 2.4.35.2
Opensuse	Opensuse	10.2
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Real Time Extension	10
Suse	Linux Enterprise Server	10
Suse	Linux Enterprise Software Development Kit	10
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Eus	4.6
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Workstation	4.0
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-200

References

http://bugzilla.kernel.org/show_bug.cgi?id=3043Issue TrackingVendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.htmlMailing ListThird Party Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000023.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2008-0055.htmlThird Party Advisory
http://secunia.com/advisories/27908Third Party Advisory
http://secunia.com/advisories/28141Third Party Advisory
http://secunia.com/advisories/28643Third Party Advisory
http://secunia.com/advisories/28706Third Party Advisory
http://secunia.com/advisories/28748Third Party Advisory
http://secunia.com/advisories/28826Third Party Advisory
http://secunia.com/advisories/28889Third Party Advisory
http://secunia.com/advisories/28971Third Party Advisory

FAQ

What is CVE-2007-6206?

CVE-2007-6206 is a vulnerability with a CVSS score of 2.1 (LOW). The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process crea...

How severe is CVE-2007-6206?

CVE-2007-6206 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-6206?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension, Suse Linux Enterprise Server.