Vulnerability Details : CVE-2006-1524
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
Products affected by CVE-2006-1524
- cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*
Threat overview for CVE-2006-1524
- Top open port discovered on systems with this issue: 554
- IPs affected by CVE-2006-1524: 7
Exploit prediction scoring system (EPSS) score for CVE-2006-1524
- 0.15%: Probability of exploitation activity in the next 30 days
- ~ 50 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1524
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N | 3.9 | 4.9 | NIST | |
CWE ids for CVE-2006-1524
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-1524
- http://www.securityfocus.com/bid/17587 (Patch)
- http://www.vupen.com/english/advisories/2006/1475 (Vendor Advisory)
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.vupen.com/english/advisories/2006/2554 (Vendor Advisory)
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
- http://www.debian.org/security/2006/dsa-1103
- http://lwn.net/Alerts/180820/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25870
- http://www.vupen.com/english/advisories/2006/1391 (Vendor Advisory)
- http://www.debian.org/security/2006/dsa-1097