Improper limitation of a pathname to a restricted directory ('path traversal') in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2006-1864 |
| CWE-ID | CWE-22 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper limitation of a pathname to a restricted directory ('path traversal')
EUVDB-ID: #VU99902
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2006-1864
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to read and manipulate data.
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via '..\' sequences, a similar vulnerability to CVE-2006-1863.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://secunia.com/advisories/19869
https://secunia.com/advisories/20237
https://secunia.com/advisories/20398
https://secunia.com/advisories/20671
https://secunia.com/advisories/20716
https://secunia.com/advisories/20914
https://secunia.com/advisories/21035
https://secunia.com/advisories/21476
https://secunia.com/advisories/21614
https://secunia.com/advisories/21745
https://secunia.com/advisories/22497
https://secunia.com/advisories/22875
https://secunia.com/advisories/23064
https://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
https://www.debian.org/security/2006/dsa-1097
https://www.debian.org/security/2006/dsa-1103
https://www.mandriva.com/security/advisories?name=MDKSA-2006:150
https://www.mandriva.com/security/advisories?name=MDKSA-2006:151
https://www.novell.com/linux/security/advisories/2006-05-31.html
https://www.osvdb.org/25067
https://www.redhat.com/support/errata/RHSA-2006-0493.html
https://www.redhat.com/support/errata/RHSA-2006-0579.html
https://www.redhat.com/support/errata/RHSA-2006-0580.html
https://www.redhat.com/support/errata/RHSA-2006-0710.html
https://www.securityfocus.com/archive/1/451404/100/0/threaded
https://www.securityfocus.com/archive/1/451417/100/200/threaded
https://www.securityfocus.com/archive/1/451419/100/200/threaded
https://www.securityfocus.com/archive/1/451426/100/200/threaded
https://www.securityfocus.com/bid/17735
https://www.trustix.org/errata/2006/0026
https://www.ubuntu.com/usn/usn-302-1
https://www.vmware.com/download/esx/esx-202-200610-patch.html
https://www.vmware.com/download/esx/esx-213-200610-patch.html
https://www.vmware.com/download/esx/esx-254-200610-patch.html
https://www.vupen.com/english/advisories/2006/2554
https://www.vupen.com/english/advisories/2006/4502
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435
https://exchange.xforce.ibmcloud.com/vulnerabilities/26137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
