CVE-2006-1524

NameCVE-2006-1524
Descriptionmadvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1097-1, DSA-1103
NVD severitylow (attack range: local)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kernel-source-2.4.27sourcesarge2.4.27-10sarge3lowDSA-1097-1
kernel-source-2.6.8sourcesarge2.6.8-16sarge3lowDSA-1103
linux-2.6source(unstable)2.6.16-8low

Search for package or bug name: Reporting problems