Vulnerability CVE-2006-3626 - CERT Civis.Net

Vulnerability Name:

CVE-2006-3626 (CCN-27790)

Assigned:

2006-07-14

Published:

2006-07-14

Updated:

2018-10-18

Summary:

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
4.5 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: Full-Disclosure Mailing List, Fri Jul 14 2006 - 15:35:17 CDT
Linux kernel 0day - dynamite inside, don't burn your fingers

Source: MITRE
Type: CNA
CVE-2006-3626

Source: CCN
Type: The Linux Kernel Archives Web site
ChangeLog-2.6.17.5

Source: CONFIRM
Type: UNKNOWN
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5

Source: FULLDISC
Type: UNKNOWN
20060714 Linux kernel 0day - dynamite inside, don't burn your fingers

Source: CCN
Type: RHSA-2006-0617
kernel security update

Source: CCN
Type: SA21041
Linux Kernel "/proc" Race Condition Privilege Escalation

Source: SECUNIA
Type: UNKNOWN
21041

Source: SECUNIA
Type: UNKNOWN
21057

Source: SECUNIA
Type: UNKNOWN
21073

Source: SECUNIA
Type: UNKNOWN
21119

Source: SECUNIA
Type: UNKNOWN
21123

Source: SECUNIA
Type: UNKNOWN
21179

Source: SECUNIA
Type: UNKNOWN
21498

Source: SECUNIA
Type: UNKNOWN
21605

Source: CCN
Type: SA22174
Avaya Products Linux Kernel Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22174

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm

Source: CCN
Type: ASA-2006-203
kernel security update (RHSA-2006-0617)

Source: DEBIAN
Type: UNKNOWN
DSA-1111

Source: DEBIAN
Type: DSA-1111
kernel-source-2.6.8 -- race condition

Source: CONFIRM
Type: UNKNOWN
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=0cb8f20d000c25118947fcafa81606300ced35f8;hp=243a94af0427b2630fb85f489a5419410dac3bfc;hb=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3;f=fs/proc/base.c

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:124

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:017

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:042

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:047

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:049

Source: OSVDB
Type: UNKNOWN
27120

Source: CCN
Type: OSVDB ID: 27120
Linux Kernel /proc/self/environ prctl Race Condition Local Privilege Escalation

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0617

Source: BUGTRAQ
Type: UNKNOWN
20060717 rPSA-2006-0130-1 kernel

Source: BID
Type: UNKNOWN
18992

Source: CCN
Type: BID-18992
Linux Kernel PROC Filesystem Local Privilege Escalation Vulnerability

Source: CCN
Type: TLSA-2006-18
Race condition

Source: CCN
Type: USN-319-1
Linux kernel vulnerability

Source: CCN
Type: USN-319-2
Linux kernel vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-319-2

Source: VUPEN
Type: UNKNOWN
ADV-2006-2816

Source: CCN
Type: Red Hat Bugzilla Bug 198973
CVE-2006-3626 Nasty /proc privilege escalation

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973

Source: XF
Type: UNKNOWN
linux-proc-race-condition(27790)

Source: XF
Type: UNKNOWN
linux-proc-race-condition(27790)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10060

Source: UBUNTU
Type: UNKNOWN
USN-319-1

Source: SUSE
Type: SUSE-SA:2006:042
kernel local privilege escalation

Source: SUSE
Type: SUSE-SA:2006:047
kernel security problems

Source: SUSE
Type: SUSE-SA:2006:049
kernel security problems

Source: SUSE
Type: SUSE-SR:2006:017
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*

AND

cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1:*:personal:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20063626	V	CVE-2006-3626	2017-09-27
oval:org.mitre.oval:def:10060	V	Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.	2013-04-29
oval:com.redhat.rhsa:def:20060617	P	RHSA-2006:0617: kernel security update (Important)	2008-03-20
oval:org.debian:def:1111	V	race condition	2006-07-26