[kernel-sec-discuss] r528 - patch-tracking

Dann Frazier dannf at costa.debian.org
Mon Aug 14 02:10:03 UTC 2006


Author: dannf
Date: 2006-08-14 02:10:01 +0000 (Mon, 14 Aug 2006)
New Revision: 528

Modified:
   patch-tracking/CVE-2006-2451
Log:
add released versions + description


Modified: patch-tracking/CVE-2006-2451
===================================================================
--- patch-tracking/CVE-2006-2451	2006-08-14 02:04:21 UTC (rev 527)
+++ patch-tracking/CVE-2006-2451	2006-08-14 02:10:01 UTC (rev 528)
@@ -1,10 +1,16 @@
 Candidate: CVE-2006-2451
 References: 
 Description: 
+ The suid_dumpable support in Linux kernel 2.6.13 up to versions before
+ 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial
+ of service (disk consumption) and possibly gain privileges via the
+ PR_SET_DUMPABLE argument of the prctl function and a program that causes a
+ core dump file to be created in a directory for which the user does not have
+ permissions.
 Notes: 
 Bugs: 
 upstream: released (2.6.16.14), released (2.6.17.4)
 linux-2.6.16: 
-linux-2.6:
+linux-2.6: released (2.6.16-17)
 2.6.8-sarge-security: N/A 
 2.4.27-sarge-security: N/A
\ No newline at end of file
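Review bot: the fixed 2.6.16.y version is given two different ways in this file. The added Description says "2.6.16 before 2.6.16.24", while the unchanged context line reads "upstream: released (2.6.16.14)". One of the two looks like a typo; check it against the stable changelog and make them agree, since backport status is read from this file. The "linux-2.6.16:" field is still empty after this change even though the description names that series as affected, and "References:" is still blank. Fill both in or mark them pending. The file also still ends without a trailing newline.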



