CVE - CVE-2006-5174

CVE-ID
CVE-2006-5174	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:20379 URL:http://www.securityfocus.com/bid/20379 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=52149ba6b0ddf3e9d965257cc0513193650b3ea8 DEBIAN:DSA-1233 URL:http://www.us.debian.org/security/2006/dsa-1233 DEBIAN:DSA-1237 URL:http://www.us.debian.org/security/2006/dsa-1237 MLIST:[linux-kernel] 20061105 Linux 2.6.16.31-rc1 URL:http://lkml.org/lkml/2006/11/5/46 OVAL:oval:org.mitre.oval:def:9885 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9885 REDHAT:RHSA-2006:0710 URL:http://www.redhat.com/support/errata/RHSA-2006-0710.html REDHAT:RHSA-2007:0014 URL:http://rhn.redhat.com/errata/RHSA-2007-0014.html SECTRACK:1017090 URL:http://securitytracker.com/id?1017090 SECUNIA:22289 URL:http://secunia.com/advisories/22289 SECUNIA:22497 URL:http://secunia.com/advisories/22497 SECUNIA:23064 URL:http://secunia.com/advisories/23064 SECUNIA:23370 URL:http://secunia.com/advisories/23370 SECUNIA:23395 URL:http://secunia.com/advisories/23395 SECUNIA:23474 URL:http://secunia.com/advisories/23474 SECUNIA:23997 URL:http://secunia.com/advisories/23997 SECUNIA:24206 URL:http://secunia.com/advisories/24206 SUSE:SUSE-SA:2006:079 URL:http://www.novell.com/linux/security/advisories/2006_79_kernel.html VUPEN:ADV-2006-3938 URL:~~http://www.vupen.com/english/advisories/2006/3938~~ (Obsolete source) XF:kernel-copyfromuser-information-disclosure(29378) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29378
Assigning CNA
MITRE Corporation
Date Record Created
20061005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)