#VU99900 Security restrictions bypass in Linux kernel - CVE-2006-1052
Vulnerability identifier: #VU99900
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform service disruption.
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://marc.info/?l=git-commits-head&m=114210002712363&w=2
https://marc.info/?l=selinux&m=114226465106131&w=2
https://secunia.com/advisories/19955
https://secunia.com/advisories/20157
https://secunia.com/advisories/21465
https://secunia.com/advisories/22093
https://secunia.com/advisories/22417
https://selinuxnews.org/wp/index.php/2006/03/13/security-ptrace-bug-cve-2006-1052/
https://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
https://www.debian.org/security/2006/dsa-1184
https://www.mandriva.com/security/advisories?name=MDKSA-2006:086
https://www.osvdb.org/25232
https://www.redhat.com/support/errata/RHSA-2006-0575.html
https://www.securityfocus.com/bid/17830
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10102
https://usn.ubuntu.com/281-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
