Vulnerability Details CVE-2006-0228
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.2%
CVSS Severity
CVSS v2 Score 7.2
References
- http://secunia.com/advisories/18458
- http://www.grsecurity.org/news.php#grsec218
- http://www.securityfocus.com/bid/16261
- http://www.vupen.com/english/advisories/2006/0199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24156
- http://secunia.com/advisories/18458
- http://www.grsecurity.org/news.php#grsec218
- http://www.securityfocus.com/bid/16261
- http://www.vupen.com/english/advisories/2006/0199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24156
Products affected by CVE-2006-0228
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6
-
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7