Linux Kernel Netfilter Vulnerability





General Info


TC: 16177
Description: A vulnerability has been reported in the Linux Kernel with an unknown impact.

An integer overflow error exists within the "do_replace()" function in Netfilter. This can be exploited to cause a buffer overflow and allows the overwrite of arbitrary amounts of kernel memory when data is copied from user space.

Successful exploitation requires that the user is granted CAP_NET_ADMIN rights, e.g. on systems that use certain virtualization solutions such as OpenVZ.

The vulnerability has been fixed in version 2.6.16.
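
The failure mode described above, as an added example that is not part of the original advisory and is not the kernel's code: a user-space model of a size computation that wraps in 32-bit arithmetic, next to a bounds-checked version. The constants, function names and sample sizes are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not the kernel's definitions. */
#define HDR_SIZE  64u  /* fixed table header */
#define CACHE_PAD 32u  /* per-copy alignment padding */
#define N_COPIES  4u   /* one copy of the ruleset per CPU */

/* Unchecked: the 32-bit product wraps silently for a large user_size,
 * so the result can be far smaller than user_size itself. */
uint32_t alloc_size_unchecked(uint32_t user_size)
{
    return HDR_SIZE + (user_size + CACHE_PAD) * N_COPIES;
}

/* Checked: refuse any user_size whose total would exceed INT32_MAX.
 * The bound is computed by division, so the test itself cannot wrap.
 * Returns 0 and stores the total in *out, or -1 on rejection. */
int alloc_size_checked(uint32_t user_size, uint32_t *out)
{
    const uint32_t limit = (uint32_t)INT32_MAX;
    if (user_size >= (limit - HDR_SIZE) / N_COPIES - CACHE_PAD)
        return -1;
    *out = HDR_SIZE + (user_size + CACHE_PAD) * N_COPIES;
    return 0;
}

/* True when a buffer sized by the unchecked routine is smaller than the
 * user_size bytes that would then be copied into it. */
int copy_would_overflow(uint32_t user_size)
{
    return alloc_size_unchecked(user_size) < user_size;
}

int main(void)
{
    /* Constructed sample sizes: one ordinary, one that wraps. */
    uint32_t samples[] = { 4096u, 0x40000000u };
    for (int i = 0; i < 2; i++) {
        uint32_t total = 0;
        int rc = alloc_size_checked(samples[i], &total);
        printf("size=%u unchecked=%u checked_rc=%d overflow=%d\n",
               (unsigned)samples[i], (unsigned)alloc_size_unchecked(samples[i]),
               rc, copy_would_overflow(samples[i]));
    }
    return 0;
}
```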
TC Impact: Gather Info



Specific Operations and Actions:


Vulnerability Publication: March 22, 2006
Advisory Copyright: Solar Designer
Summary: An integer overflow error exists within the "do_replace()" function in Netfilter. This can be exploited to cause a buffer overflow and allows the overwrite of arbitrary amounts of kernel memory when data is copied from user space.
Risk: Medium
CVSS 2.0 metrics:
* Access Vector: Local
* Access Complexity: Medium
* Authentication: None
* Confidentiality Impact: Complete
* Integrity Impact: Complete
* Availability Impact: Complete
CVSS 2.0 Base Score: 6.9
Vulnerability Impact: Attack
Host Impact: Overwrite of arbitrary amounts of kernel memory.
Nature of Remediation: Upgrade Kernel.
Steps required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Upgrade to Linux Kernel version 2.6.16.0 or newer.
See references for more details.



Glossary and References:


References:
* CONFIRM:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
* CONFIRM:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
* DEBIAN: DSA-1097
http://www.debian.org/security/2006/dsa-1097
* DEBIAN: DSA-1103
http://www.debian.org/security/2006/dsa-1103
* REDHAT: RHSA-2006:0575
http://www.redhat.com/support/errata/RHSA-2006-0575.html
* UBUNTU: USN-302-1
http://www.ubuntu.com/usn/usn-302-1
* BID: 17178
http://www.securityfocus.com/bid/17178
* FRSIRT: ADV-2006-1046
http://www.frsirt.com/english/advisories/2006/1046
* FRSIRT: ADV-2006-2554
http://www.frsirt.com/english/advisories/2006/2554
* SECUNIA: 19330
http://secunia.com/advisories/19330
* SECUNIA: 20671
http://secunia.com/advisories/20671
* SECUNIA: 20716
http://secunia.com/advisories/20716
* SECUNIA: 20914
http://secunia.com/advisories/20914
* SECUNIA: 21465
http://secunia.com/advisories/21465
* SECUNIA: 22417
http://secunia.com/advisories/22417
* XF: linux-netfilter-doreplace-overflow(25400)
http://xforce.iss.net/xforce/xfdb/25400

CVE Link: CVE-2006-0038

Glossary: Buffer Overflow
SNMP


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All product names referenced herein are trademarks of their respective companies
