| Name | CVE-2007-6206 |
| Description | The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DSA-1436-1, DSA-1503-1, DSA-1503-2, DSA-1504-1 |
| NVD severity | low |
The information below is based on the following data on fixed versions.
- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)