Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 127162

Summary: Linux Kernel Netfilter do_replace() Local Buffer Overflow Vulnerability (CVE-2006-0038)
Product: Gentoo Security Reporter: Christian Bricart <christian>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: major CC: jaervosz, vserver-devs+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/17178/info
Whiteboard:
Package list:
Runtime testing required: ---

Description Christian Bricart 2006-03-22 02:13:11 UTC 
Quoting SecurityFocus:

The Linux kernel is susceptible to a remote buffer-overflow vulnerability. This issue is due to the kernel's failure to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows remote attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.
Comment 1 Christian Bricart 2006-03-22 03:36:51 UTC 
Harald Welte (netfilter core team) commented on this:
http://www.mail-archive.com/netfilter-announce@lists.netfilter.org/msg00059.html

It seems that the bug is NOT remote exploitable.
So I removed "remote" from summary and decreased serverity to "major"
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-03-27 13:16:04 UTC 
This might affect openvz-sources/vserver-sources; maintainers please confirm... No security risk otherwise.
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2006-03-27 13:28:39 UTC 
*** Bug 127216 has been marked as a duplicate of this bug. ***
Comment 4 Benedikt Böhm (RETIRED) gentoo-dev 2006-03-29 07:02:24 UTC 
regarding vserver only those guests with CAP_NET_ADMIN might be affected which is off by default.

regarding openvz as per upstream it is not an issue
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2006-04-15 13:14:02 UTC 
@hollow: Understood, can you please patch the 2.6.15 series for this issue? Or possibly send the 2.6.16 series to stable.

Thanks!
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2006-04-16 10:59:07 UTC 
Upon further inspection with phreak, vserver is not affected by this (they implement the code themselves differently).
Comment 7 Benedikt Böhm (RETIRED) gentoo-dev 2006-04-16 19:15:54 UTC 
ok, good, since the 2.6.16 version will still take some time i'm afraid..
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2006-04-17 06:41:48 UTC 
openvz also not affected, so this bug can be closed :)