CVE-2006-3626

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

Published: Jul 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3626
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.17-rc6	2.6.17-rc6.x
linux / linux_kernel	2.6.16.16	2.6.16.16.x
linux / linux_kernel	2.6.16.9	2.6.16.9.x
linux / linux_kernel	2.6.16.6	2.6.16.6.x
linux / linux_kernel	2.6.16.8	2.6.16.8.x
linux / linux_kernel	2.6.16-rc6	2.6.16-rc6.x
linux / linux_kernel	2.6.16-rc1	2.6.16-rc1.x
linux / linux_kernel	2.6.17.2	2.6.17.2.x
linux / linux_kernel	2.6.17.4	2.6.17.4.x
linux / linux_kernel	2.6.16.18	2.6.16.18.x
linux / linux_kernel	2.6.16.13	2.6.16.13.x
linux / linux_kernel	2.6.16.4	2.6.16.4.x
linux / linux_kernel	2.6.17.3	2.6.17.3.x
linux / linux_kernel	2.6.16.15	2.6.16.15.x
linux / linux_kernel	2.6.16.1	2.6.16.1.x
linux / linux_kernel	2.6.17	2.6.17.x
linux / linux_kernel	2.6.16.11	2.6.16.11.x
linux / linux_kernel	2.6.16.14	2.6.16.14.x
linux / linux_kernel	2.6.16.21	2.6.16.21.x
linux / linux_kernel	2.6.16.23	2.6.16.23.x
linux / linux_kernel	2.6.16-rc5	2.6.16-rc5.x
linux / linux_kernel	2.6.16.3	2.6.16.3.x
linux / linux_kernel	2.6.17-rc3	2.6.17-rc3.x
linux / linux_kernel	2.6.17.1	2.6.17.1.x
linux / linux_kernel	2.6.16-rc4	2.6.16-rc4.x
linux / linux_kernel	2.6.17-rc1	2.6.17-rc1.x
linux / linux_kernel	2.6.17-rc2	2.6.17-rc2.x
linux / linux_kernel	2.6.16	2.6.16.x
linux / linux_kernel	2.6.16.22	2.6.16.22.x
linux / linux_kernel	2.6.16.10	2.6.16.10.x
linux / linux_kernel	2.6.16.24	2.6.16.24.x
linux / linux_kernel	2.6.16.17	2.6.16.17.x
linux / linux_kernel	2.6.16.12	2.6.16.12.x
linux / linux_kernel	2.6.16.2	2.6.16.2.x
linux / linux_kernel	2.6.16-rc3	2.6.16-rc3.x
linux / linux_kernel	2.6.16.7	2.6.16.7.x
linux / linux_kernel	2.6.17-rc4	2.6.17-rc4.x
linux / linux_kernel	2.6.16.5	2.6.16.5.x
linux / linux_kernel	2.6.16.19	2.6.16.19.x
linux / linux_kernel	2.6.16.20	2.6.16.20.x
linux / linux_kernel	2.6.16-rc2	2.6.16-rc2.x
linux / linux_kernel	2.6.17-rc5	2.6.17-rc5.x

Vulnerability Database

CVE-2006-3626

Deep Security Visibility Without the Complexity