Bug 1618145 (CVE-2006-3626)

Summary: CVE-2006-3626 security flaw
Product: [Other] Security Response Reporter: Stephen Herr <sherr>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-16 12:28:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephen Herr 2018-08-16 12:28:51 UTC 
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Comment 1 Stephen Herr 2018-08-16 16:45:43 UTC 
MITRE description:

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
Comment 2 Stephen Herr 2019-06-13 19:29:41 UTC 
Statement:

This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels.

The exploit relies on the kernel supporting the a.out binary format.  Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail.  We are not currently aware of any way to exploit this vulnerability if a.out binary format is not enabled.  In addition, a default installation of these OS enables SELinux in enforcing mode.  SELinux also completely blocks attempts to exploit this issue.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10