cve-2007-6206
Vulnerability from cvelistv5
Published
2007-12-04 00:00
Modified
2024-08-07 15:54
Severity ?
Summary
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
References
cve@mitre.orghttp://bugzilla.kernel.org/show_bug.cgi?id=3043Issue Tracking, Vendor Advisory
cve@mitre.orghttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.vmware.com/pipermail/security-announce/2008/000023.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2008-0055.htmlThird Party Advisory
cve@mitre.orghttp://secunia.com/advisories/27908Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28141Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28643Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28706Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28748Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28826Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28889Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/28971Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/29058Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/30110Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/30818Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/30962Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/31246Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/33280Third Party Advisory
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048Broken Link
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1436Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1503Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1504Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:044Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:086Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:112Third Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0089.htmlThird Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0211.htmlThird Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0787.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/487808/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/26701Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/usn-574-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/usn-578-1Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4090Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2222/referencesThird Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38841Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719Third Party Advisory
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080208 rPSA-2008-0048-1 kernel",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487808/100/0/threaded"
          },
          {
            "name": "30962",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.kernel.org/show_bug.cgi?id=3043"
          },
          {
            "name": "27908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27908"
          },
          {
            "name": "DSA-1436",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1436"
          },
          {
            "name": "28643",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28643"
          },
          {
            "name": "SUSE-SA:2008:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html"
          },
          {
            "name": "28141",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28141"
          },
          {
            "name": "28826",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28826"
          },
          {
            "name": "28706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28706"
          },
          {
            "name": "MDVSA-2008:112",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"
          },
          {
            "name": "DSA-1504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1504"
          },
          {
            "name": "kernel-core-dump-information-disclosure(38841)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38841"
          },
          {
            "name": "26701",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26701"
          },
          {
            "name": "28889",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28889"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048"
          },
          {
            "name": "30110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30110"
          },
          {
            "name": "ADV-2008-2222",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2222/references"
          },
          {
            "name": "33280",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33280"
          },
          {
            "name": "MDVSA-2008:086",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"
          },
          {
            "name": "MDVSA-2008:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:044"
          },
          {
            "name": "oval:org.mitre.oval:def:10719",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af"
          },
          {
            "name": "DSA-1503",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1503"
          },
          {
            "name": "28748",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28748"
          },
          {
            "name": "USN-574-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-574-1"
          },
          {
            "name": "ADV-2007-4090",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4090"
          },
          {
            "name": "29058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29058"
          },
          {
            "name": "RHSA-2008:0211",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0211.html"
          },
          {
            "name": "28971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28971"
          },
          {
            "name": "RHSA-2008:0787",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
          },
          {
            "name": "RHSA-2008:0089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"
          },
          {
            "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html"
          },
          {
            "name": "SUSE-SA:2008:030",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html"
          },
          {
            "name": "USN-578-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-578-1"
          },
          {
            "name": "31246",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31246"
          },
          {
            "name": "RHSA-2008:0055",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0055.html"
          },
          {
            "name": "30818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30818"
          },
          {
            "name": "SUSE-SA:2008:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080208 rPSA-2008-0048-1 kernel",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487808/100/0/threaded"
        },
        {
          "name": "30962",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.kernel.org/show_bug.cgi?id=3043"
        },
        {
          "name": "27908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27908"
        },
        {
          "name": "DSA-1436",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1436"
        },
        {
          "name": "28643",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28643"
        },
        {
          "name": "SUSE-SA:2008:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html"
        },
        {
          "name": "28141",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28141"
        },
        {
          "name": "28826",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28826"
        },
        {
          "name": "28706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28706"
        },
        {
          "name": "MDVSA-2008:112",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"
        },
        {
          "name": "DSA-1504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1504"
        },
        {
          "name": "kernel-core-dump-information-disclosure(38841)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38841"
        },
        {
          "name": "26701",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26701"
        },
        {
          "name": "28889",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28889"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048"
        },
        {
          "name": "30110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30110"
        },
        {
          "name": "ADV-2008-2222",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2222/references"
        },
        {
          "name": "33280",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33280"
        },
        {
          "name": "MDVSA-2008:086",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"
        },
        {
          "name": "MDVSA-2008:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:044"
        },
        {
          "name": "oval:org.mitre.oval:def:10719",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af"
        },
        {
          "name": "DSA-1503",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1503"
        },
        {
          "name": "28748",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28748"
        },
        {
          "name": "USN-574-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-574-1"
        },
        {
          "name": "ADV-2007-4090",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4090"
        },
        {
          "name": "29058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29058"
        },
        {
          "name": "RHSA-2008:0211",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0211.html"
        },
        {
          "name": "28971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28971"
        },
        {
          "name": "RHSA-2008:0787",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
        },
        {
          "name": "RHSA-2008:0089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"
        },
        {
          "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html"
        },
        {
          "name": "SUSE-SA:2008:030",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html"
        },
        {
          "name": "USN-578-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-578-1"
        },
        {
          "name": "31246",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31246"
        },
        {
          "name": "RHSA-2008:0055",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0055.html"
        },
        {
          "name": "30818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30818"
        },
        {
          "name": "SUSE-SA:2008:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6206",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080208 rPSA-2008-0048-1 kernel",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487808/100/0/threaded"
            },
            {
              "name": "30962",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30962"
            },
            {
              "name": "http://bugzilla.kernel.org/show_bug.cgi?id=3043",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.kernel.org/show_bug.cgi?id=3043"
            },
            {
              "name": "27908",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27908"
            },
            {
              "name": "DSA-1436",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1436"
            },
            {
              "name": "28643",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28643"
            },
            {
              "name": "SUSE-SA:2008:007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html"
            },
            {
              "name": "28141",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28141"
            },
            {
              "name": "28826",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28826"
            },
            {
              "name": "28706",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28706"
            },
            {
              "name": "MDVSA-2008:112",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"
            },
            {
              "name": "DSA-1504",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1504"
            },
            {
              "name": "kernel-core-dump-information-disclosure(38841)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38841"
            },
            {
              "name": "26701",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26701"
            },
            {
              "name": "28889",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28889"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048"
            },
            {
              "name": "30110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30110"
            },
            {
              "name": "ADV-2008-2222",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2222/references"
            },
            {
              "name": "33280",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33280"
            },
            {
              "name": "MDVSA-2008:086",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"
            },
            {
              "name": "MDVSA-2008:044",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:044"
            },
            {
              "name": "oval:org.mitre.oval:def:10719",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af"
            },
            {
              "name": "DSA-1503",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1503"
            },
            {
              "name": "28748",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28748"
            },
            {
              "name": "USN-574-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-574-1"
            },
            {
              "name": "ADV-2007-4090",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4090"
            },
            {
              "name": "29058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29058"
            },
            {
              "name": "RHSA-2008:0211",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0211.html"
            },
            {
              "name": "28971",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28971"
            },
            {
              "name": "RHSA-2008:0787",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
            },
            {
              "name": "RHSA-2008:0089",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"
            },
            {
              "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html"
            },
            {
              "name": "SUSE-SA:2008:030",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html"
            },
            {
              "name": "USN-578-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-578-1"
            },
            {
              "name": "31246",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31246"
            },
            {
              "name": "RHSA-2008:0055",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0055.html"
            },
            {
              "name": "30818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30818"
            },
            {
              "name": "SUSE-SA:2008:032",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6206",
    "datePublished": "2007-12-04T00:00:00",
    "dateReserved": "2007-12-03T00:00:00",
    "dateUpdated": "2024-08-07T15:54:27.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6206\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-04T00:46:00.000\",\"lastModified\":\"2023-11-07T02:01:27.797\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n do_coredump en el archivo fs/exec.c en el kernel de Linux versiones 2.4.x y versiones 2.6.x hasta 2.6.24-rc3, y posiblemente otras versiones, no cambia el UID de un archivo de volcado de n\u00facleo si \u00e9ste existe antes de una creaci\u00f3n de proceso root en un volcado de n\u00facleo en la misma ubicaci\u00f3n, lo que podr\u00eda permitir a los usuarios locales obtener informaci\u00f3n confidencial.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndIncluding\":\"2.4.35.2\",\"matchCriteriaId\":\"91D6F35D-14A9-4F0B-816F-B89F7AAA3A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.24\",\"matchCriteriaId\":\"D7B67565-ADA8-46B9-B3E0-2100CD53EE67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F3E61F3-1CF1-4176-94CD-89A408BCFC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"085259B8-9D41-42B0-B32B-66B8D365F106\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A12DE15-E192-4B90-ADB7-A886B3746DD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF6588E7-F4FA-40F5-8945-FC7B6094376E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24818450-FDA1-429A-AC17-68F44F584217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35B68DF-1440-4587-8458-9C5F4D1E43F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:10:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8FC5E32-C9E3-49F6-9481-1DB60DEE8A07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_real_time_extension:10:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2120267-502B-4662-96BA-F32289F64B0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"29184B59-5756-48DB-930C-69D5CD628548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"33EB57D5-DE8D-417C-8C00-AD331D61181C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D74A418-50F0-42C0-ABBC-BBBE718FF025\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81695D5-64C0-42B7-A048-1309C908F943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73322DEE-27A6-4D18-88A3-ED7F9CAEABD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B5DCF29-6830-45FF-BC88-17E2249C653D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23E304C9-F780-4358-A58D-1E4C93977704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EBDAFF8-DE44-4E80-B6BD-E341F767F501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"}]}]}],\"references\":[{\"url\":\"http://bugzilla.kernel.org/show_bug.cgi?id=3043\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000023.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2008-0055.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27908\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28141\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28643\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28706\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28748\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28826\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28889\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/28971\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29058\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30110\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30818\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30962\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31246\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33280\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2007/dsa-1436\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1503\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1504\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:044\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:086\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:112\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0089.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0211.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0787.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/487808/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/26701\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-574-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-578-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4090\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2222/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38841\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.