Quoting SecurityFocus: The Linux kernel is susceptible to a remote buffer-overflow vulnerability. This issue is due to the kernel's failure to properly bounds-check user-supplied input before using it in a memory copy operation. This issue allows remote attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers. Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.
Harald Welte (netfilter core team) commented on this: http://www.mail-archive.com/netfilter-announce@lists.netfilter.org/msg00059.html It seems that the bug is NOT remote exploitable. So I removed "remote" from summary and decreased serverity to "major"
This might affect openvz-sources/vserver-sources; maintainers please confirm... No security risk otherwise.
*** Bug 127216 has been marked as a duplicate of this bug. ***
regarding vserver only those guests with CAP_NET_ADMIN might be affected which is off by default. regarding openvz as per upstream it is not an issue
@hollow: Understood, can you please patch the 2.6.15 series for this issue? Or possibly send the 2.6.16 series to stable. Thanks!
Upon further inspection with phreak, vserver is not affected by this (they implement the code themselves differently).
ok, good, since the 2.6.16 version will still take some time i'm afraid..
openvz also not affected, so this bug can be closed :)