127162 2006-03-22 02:13 0000 Linux Kernel Netfilter do_replace() Local Buffer Overflow Vulnerability (CVE-2006-0038) 2006-04-17 06:41:48 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All Linux RESOLVED INVALID http://www.securityfocus.com/bid/17178/info P2 major --- 1 christian@bricart.de security@gentoo.org jaervosz@gentoo.org vserver-devs@gentoo.org christian@bricart.de 2006-03-22 02:13:11 0000 Quoting SecurityFocus: The Linux kernel is susceptible to a remote buffer-overflow vulnerability. This issue is due to the kernel's failure to properly bounds-check user-supplied input before using it in a memory copy operation. This issue allows remote attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers. Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue. christian@bricart.de 2006-03-22 03:36:51 0000 Harald Welte (netfilter core team) commented on this: http://www.mail-archive.com/netfilter-announce@lists.netfilter.org/msg00059.html It seems that the bug is NOT remote exploitable. So I removed "remote" from summary and decreased serverity to "major" plasmaroo@gentoo.org 2006-03-27 13:16:04 0000 This might affect openvz-sources/vserver-sources; maintainers please confirm... No security risk otherwise. plasmaroo@gentoo.org 2006-03-27 13:28:39 0000 *** Bug 127216 has been marked as a duplicate of this bug. *** hollow@gentoo.org 2006-03-29 07:02:24 0000 regarding vserver only those guests with CAP_NET_ADMIN might be affected which is off by default. regarding openvz as per upstream it is not an issue plasmaroo@gentoo.org 2006-04-15 13:14:02 0000 @hollow: Understood, can you please patch the 2.6.15 series for this issue? Or possibly send the 2.6.16 series to stable. Thanks! plasmaroo@gentoo.org 2006-04-16 10:59:07 0000 Upon further inspection with phreak, vserver is not affected by this (they implement the code themselves differently). hollow@gentoo.org 2006-04-16 19:15:54 0000 ok, good, since the 2.6.16 version will still take some time i'm afraid.. plasmaroo@gentoo.org 2006-04-17 06:41:48 0000 openvz also not affected, so this bug can be closed :)