CVE-2007-6206

Publication date 4 December 2007

Last updated 24 July 2024

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-51.66
linux-source-2.6.17	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Fixed 2.6.17.1-12.43
	6.06 LTS dapper	Not in release
linux-source-2.6.20	7.10 gutsy	Not in release
	7.04 feisty	Fixed 2.6.20-16.34
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.22	7.10 gutsy	Fixed 2.6.22-14.51
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-574-1
Linux kernel vulnerabilities
4 February 2008

USN-578-1
Linux kernel vulnerabilities
14 February 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6206