Summary: | Linux Kernel Netfilter do_replace() Local Buffer Overflow Vulnerability (CVE-2006-0038) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christian Bricart <christian> |
Component: | Kernel | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | major | CC: | jaervosz, vserver-devs+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/bid/17178/info | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Christian Bricart
2006-03-22 02:13:11 UTC
Harald Welte (netfilter core team) commented on this: http://www.mail-archive.com/netfilter-announce@lists.netfilter.org/msg00059.html It seems that the bug is NOT remote exploitable. So I removed "remote" from summary and decreased serverity to "major" This might affect openvz-sources/vserver-sources; maintainers please confirm... No security risk otherwise. *** Bug 127216 has been marked as a duplicate of this bug. *** regarding vserver only those guests with CAP_NET_ADMIN might be affected which is off by default. regarding openvz as per upstream it is not an issue @hollow: Understood, can you please patch the 2.6.15 series for this issue? Or possibly send the 2.6.16 series to stable. Thanks! Upon further inspection with phreak, vserver is not affected by this (they implement the code themselves differently). ok, good, since the 2.6.16 version will still take some time i'm afraid.. openvz also not affected, so this bug can be closed :) |