CVE-2006-0039 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0039
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0039

Description: Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26583 UBUNTU http://www.ubuntu.com/usn/usn-311-1 SAID Secunia Advisory: SA20185 Secunia Advisory: SA20671 Secunia Advisory: SA20914 Secunia Advisory: SA20991 Secunia Advisory: SA22292 Secunia Advisory: SA22945 Secunia Advisory: SA21476 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0689.html OSVDB 25697 MISC http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13 DEBIAN http://www.debian.org/security/2006/dsa-1097 http://www.debian.org/security/2006/dsa-1103 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm http://bugs.gentoo.org/show_bug.cgi?id=133465 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17 BID 18113

Return to the previous page.