Vulnerability Details CVE-2006-0457
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.3%
CVSS Severity
CVSS v2 Score 7.1
References
- http://secunia.com/advisories/19220
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/22417
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:059
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/23894
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.securityfocus.com/bid/17084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25354
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9566
- https://usn.ubuntu.com/263-1/
- http://secunia.com/advisories/19220
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/22417
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:059
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/23894
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.securityfocus.com/bid/17084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25354
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9566
- https://usn.ubuntu.com/263-1/
Products affected by CVE-2006-0457
-
cpe:2.3:o:linux:linux_kernel:2.6.0
-
cpe:2.3:o:linux:linux_kernel:2.6.1
-
cpe:2.3:o:linux:linux_kernel:2.6.10
-
cpe:2.3:o:linux:linux_kernel:2.6.11
-
cpe:2.3:o:linux:linux_kernel:2.6.11.1
-
cpe:2.3:o:linux:linux_kernel:2.6.11.10
-
cpe:2.3:o:linux:linux_kernel:2.6.11.11
-
cpe:2.3:o:linux:linux_kernel:2.6.11.12
-
cpe:2.3:o:linux:linux_kernel:2.6.11.2
-
cpe:2.3:o:linux:linux_kernel:2.6.11.3
-
cpe:2.3:o:linux:linux_kernel:2.6.11.4
-
cpe:2.3:o:linux:linux_kernel:2.6.11.5
-
cpe:2.3:o:linux:linux_kernel:2.6.11.6
-
cpe:2.3:o:linux:linux_kernel:2.6.11.7
-
cpe:2.3:o:linux:linux_kernel:2.6.11.8
-
cpe:2.3:o:linux:linux_kernel:2.6.11.9
-
cpe:2.3:o:linux:linux_kernel:2.6.11_rc1_bk6
-
cpe:2.3:o:linux:linux_kernel:2.6.12
-
cpe:2.3:o:linux:linux_kernel:2.6.12.1
-
cpe:2.3:o:linux:linux_kernel:2.6.12.2
-
cpe:2.3:o:linux:linux_kernel:2.6.12.3
-
cpe:2.3:o:linux:linux_kernel:2.6.12.4
-
cpe:2.3:o:linux:linux_kernel:2.6.12.5
-
cpe:2.3:o:linux:linux_kernel:2.6.12.6
-
cpe:2.3:o:linux:linux_kernel:2.6.13
-
cpe:2.3:o:linux:linux_kernel:2.6.13.1
-
cpe:2.3:o:linux:linux_kernel:2.6.13.2
-
cpe:2.3:o:linux:linux_kernel:2.6.13.3
-
cpe:2.3:o:linux:linux_kernel:2.6.13.4
-
cpe:2.3:o:linux:linux_kernel:2.6.14
-
cpe:2.3:o:linux:linux_kernel:2.6.14.1
-
cpe:2.3:o:linux:linux_kernel:2.6.14.2
-
cpe:2.3:o:linux:linux_kernel:2.6.14.3
-
cpe:2.3:o:linux:linux_kernel:2.6.14.4
-
cpe:2.3:o:linux:linux_kernel:2.6.15
-
cpe:2.3:o:linux:linux_kernel:2.6.15.1
-
cpe:2.3:o:linux:linux_kernel:2.6.15.2
-
cpe:2.3:o:linux:linux_kernel:2.6.15.3
-
cpe:2.3:o:linux:linux_kernel:2.6.15.4
-
cpe:2.3:o:linux:linux_kernel:2.6.15.5
-
cpe:2.3:o:linux:linux_kernel:2.6.3
-
cpe:2.3:o:linux:linux_kernel:2.6.4
-
cpe:2.3:o:linux:linux_kernel:2.6.5
-
cpe:2.3:o:linux:linux_kernel:2.6.6
-
cpe:2.3:o:linux:linux_kernel:2.6.7
-
cpe:2.3:o:linux:linux_kernel:2.6.8
-
cpe:2.3:o:linux:linux_kernel:2.6.8.1
-
cpe:2.3:o:linux:linux_kernel:2.6.8.1.5
-
cpe:2.3:o:linux:linux_kernel:2.6.9