CVE - CVE-2006-2071

CVE-ID
CVE-2006-2071	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 URL:http://www.securityfocus.com/archive/1/451404/100/0/threaded BUGTRAQ:20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 URL:http://www.securityfocus.com/archive/1/451419/100/200/threaded BUGTRAQ:20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 URL:http://www.securityfocus.com/archive/1/451417/100/200/threaded BUGTRAQ:20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 URL:http://www.securityfocus.com/archive/1/451426/100/200/threaded CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8 CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm CONFIRM:http://www.vmware.com/download/esx/esx-202-200610-patch.html CONFIRM:http://www.vmware.com/download/esx/esx-213-200610-patch.html CONFIRM:http://www.vmware.com/download/esx/esx-254-200610-patch.html MANDRIVA:MDKSA-2006:086 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:086 REDHAT:RHSA-2006:0579 URL:http://www.redhat.com/support/errata/RHSA-2006-0579.html REDHAT:RHSA-2006:0580 URL:http://www.redhat.com/support/errata/RHSA-2006-0580.html REDHAT:RHSA-2006:0689 URL:http://www.redhat.com/support/errata/RHSA-2006-0689.html REDHAT:RHSA-2006:0710 URL:http://www.redhat.com/support/errata/RHSA-2006-0710.html UBUNTU:USN-302-1 URL:http://www.ubuntu.com/usn/usn-302-1 OVAL:oval:org.mitre.oval:def:9978 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9978 VUPEN:ADV-2006-4502 URL:http://www.vupen.com/english/advisories/2006/4502 VUPEN:ADV-2006-1391 URL:http://www.vupen.com/english/advisories/2006/1391 OSVDB:25139 URL:http://www.osvdb.org/25139 SECUNIA:20157 URL:http://secunia.com/advisories/20157 SECUNIA:20716 URL:http://secunia.com/advisories/20716 SECUNIA:21035 URL:http://secunia.com/advisories/21035 SECUNIA:22292 URL:http://secunia.com/advisories/22292 SECUNIA:22497 URL:http://secunia.com/advisories/22497 SECUNIA:22945 URL:http://secunia.com/advisories/22945 SECUNIA:22875 URL:http://secunia.com/advisories/22875 SECUNIA:23064 URL:http://secunia.com/advisories/23064 XF:linux-mprotect-security-bypass(26169) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26169
Assigning CNA
N/A
Date Entry Created
20060427	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060427)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.