Vulnerability CVE-2006-1524: Information

Description

madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.

Severity: LOW (3.6)

URL: https://nvd.nist.gov/vuln/detail/CVE-2006-1524
Published: April 19, 2006
Modified: July 20, 2017
Error type identifier: CWE-264

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
    17587
    • Patch
    19664
    • Vendor Advisory
    19657
    • Patch
    • Vendor Advisory
    DSA-1097
      20671
      • Vendor Advisory
      SUSE-SA:2006:028
        DSA-1103
          24714
            20914
            • Vendor Advisory
            20398
            • Vendor Advisory
            FEDORA-2006-423
              19735
              • Vendor Advisory
              ADV-2006-1391
              • Vendor Advisory
              ADV-2006-1475
              • Vendor Advisory
              ADV-2006-2554
              • Vendor Advisory
              linux-madvise-security-bypass(25870)

                  1. Configuration 1

                    cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*
                    cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*
                    cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
                    cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*
                    cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
                    cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
                    cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v24.5.0
                Back to top