Vulnerability CVE-2000-0506 - CERT Civis.Net

Vulnerability Name:

CVE-2000-0506 (CCN-4650)

Assigned:

2000-06-07

Published:

2000-06-07

Updated:

2008-09-10

Summary:

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: Linux Capabilities FAQ 0.2
Linux Capabilities FAQ 0.2

Source: CCN
Type: SGI Security Advisory 20000802-01-P
Linux Kernel Capability Vulnerability

Source: SGI
Type: UNKNOWN
20000802-01-P

Source: CCN
Type: BugTraq Mailing List, Wed Jun 07 2000 - 17:13:18 CDT
Local root vulnerability in most used Linux kernels

Source: CCN
Type: BugTraq Mailing List, Wed Jun 07 2000 - 17:38:14 CDT
local root on linux 2.2.15

Source: CCN
Type: BugTraq Mailing List, Thu Jun 08 2000 - 07:21:48 CDT
Sendmail local root exploit on linux 2.2.x

Source: BUGTRAQ
Type: UNKNOWN
20000609 Trustix Security Advisory

Source: CCN
Type: BugTraq Mailing List, Fri Jun 09 2000 - 10:11:41 CDT
Trustix Security Advisory

Source: BUGTRAQ
Type: UNKNOWN
20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel

Source: CCN
Type: BugTraq Mailing List, Fri Jun 09 2000 - 01:59:36 CDT
Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5

Source: MITRE
Type: CNA
CVE-2000-0506

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:223
kernel-2.2.14

Source: CCN
Type: RHSA-2000:037-01
New Linux kernel fixes security bug

Source: CCN
Type: CIAC Information Bulletin K-053a
Linux setuid Kernel Fix

Source: CCN
Type: CIAC Information Bulletin K-064
Linux Kernel Capability Vulnerability

Source: CCN
Type: TurboLinux Security Announcement TLSA2000013-1
[TL-Security-Announce] Linux Kernel TLSA2000013-1

Source: CCN
Type: OSVDB ID: 6220
Linux Kernel capabilities CAP_SETUID Feature Local Privilege Escalation

Source: REDHAT
Type: UNKNOWN
RHSA-2000:037

Source: BID
Type: UNKNOWN
1322

Source: CCN
Type: BID-1322
Linux Capabilities Vulnerability

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5

Source: CCN
Type: Sendmail Security Team Advisory
Sendmail Workaround for Linux Capabilities Bug

Source: CCN
Type: SuSE Security Announcement #54
kernel < 2.2.16

Source: XF
Type: UNKNOWN
linux-kernel-capabilities(4650)

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.30:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.33:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.34:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.35:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.36:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.37:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.38:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.13:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.15:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.15:pre16:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.15_pre20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.16:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.16:pre5:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.35:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.36:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.38:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.34:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.37:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.30:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.13:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.15_pre20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.15:pre16:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.15:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.16:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.0.33:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.2.16:pre5:*:*:*:*:*:*

AND

cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*

Denotes that component is vulnerable