CVE-2006-1524 - OpenCVE

madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel:2.6.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.16.6:::::::*

No data.

References

Link	Providers
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
http://lwn.net/Alerts/180820/
http://secunia.com/advisories/19657
http://secunia.com/advisories/19664
http://secunia.com/advisories/19735
http://secunia.com/advisories/20398
http://secunia.com/advisories/20671
http://secunia.com/advisories/20914
http://www.debian.org/security/2006/dsa-1097
http://www.debian.org/security/2006/dsa-1103
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.osvdb.org/24714
http://www.securityfocus.com/bid/17587
http://www.vupen.com/english/advisories/2006/1391
http://www.vupen.com/english/advisories/2006/1475
http://www.vupen.com/english/advisories/2006/2554
https://exchange.xforce.ibmcloud.com/vulnerabilities/25870

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-04-19T18:00:00

Updated: 2024-08-07T17:12:22.161Z

Reserved: 2006-03-30T00:00:00

Link: CVE-2006-1524

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-19T18:18:00.000

Modified: 2017-07-20T01:30:40.550

Link: CVE-2006-1524

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "linux-madvise-security-bypass(25870)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25870"}, {"name": "19735", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19735"}, {"name": "ADV-2006-2554", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "ADV-2006-1391", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1391"}, {"name": "19664", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19664"}, {"name": "FEDORA-2006-423", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lwn.net/Alerts/180820/"}, {"name": "DSA-1097", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "SUSE-SA:2006:028", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"name": "DSA-1103", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "24714", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24714"}, {"name": "17587", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17587"}, {"name": "ADV-2006-1475", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1475"}, {"name": "20398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20398"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6"}, {"name": "19657", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19657"}, {"name": "20671", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20914"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-1524", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "linux-madvise-security-bypass(25870)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25870"}, {"name": "19735", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19735"}, {"name": "ADV-2006-2554", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "ADV-2006-1391", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1391"}, {"name": "19664", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19664"}, {"name": "FEDORA-2006-423", "refsource": "FEDORA", "url": "http://lwn.net/Alerts/180820/"}, {"name": "DSA-1097", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "SUSE-SA:2006:028", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"name": "DSA-1103", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "24714", "refsource": "OSVDB", "url": "http://www.osvdb.org/24714"}, {"name": "17587", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17587"}, {"name": "ADV-2006-1475", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1475"}, {"name": "20398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20398"}, {"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6", "refsource": "CONFIRM", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6"}, {"name": "19657", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19657"}, {"name": "20671", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20914"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:22.161Z"}, "title": "CVE Program Container", "references": [{"name": "linux-madvise-security-bypass(25870)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25870"}, {"name": "19735", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19735"}, {"name": "ADV-2006-2554", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "ADV-2006-1391", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1391"}, {"name": "19664", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19664"}, {"name": "FEDORA-2006-423", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lwn.net/Alerts/180820/"}, {"name": "DSA-1097", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "SUSE-SA:2006:028", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"name": "DSA-1103", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "24714", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/24714"}, {"name": "17587", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17587"}, {"name": "ADV-2006-1475", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1475"}, {"name": "20398", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20398"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6"}, {"name": "19657", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19657"}, {"name": "20671", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20914"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-1524", "datePublished": "2006-04-19T18:00:00", "dateReserved": "2006-03-30T00:00:00", "dateUpdated": "2024-08-07T17:12:22.161Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "86E452E4-45A9-4469-BF69-F40B6598F0EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5751AC4-A60F-42C6-88E5-FC8CFEE6F696", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FF886A6-7E73-47AD-B6A5-A9EC5BEDCD0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*", "matchCriteriaId": "48777A01-8F36-4752-8F7A-1D1686C69A33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*", "matchCriteriaId": "42DA6A18-5AA1-4920-94C6-8D0BB73C5352", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*", "matchCriteriaId": "992EA5DE-5A5B-4782-8B5A-BDD8D6FB1E31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071."}], "id": "CVE-2006-1524", "lastModified": "2017-07-20T01:30:40.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-19T18:18:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6"}, {"source": "secalert@redhat.com", "url": "http://lwn.net/Alerts/180820/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19657"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19664"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19735"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20398"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20671"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20914"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1097"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1103"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/24714"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17587"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1391"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1475"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25870"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}