127216 – Linux Kernel Netfilter Do_Replace Local Buffer Overflow Vulnerability

Bug 127216 - Linux Kernel Netfilter Do_Replace Local Buffer Overflow Vulnerability

Summary: Linux Kernel Netfilter Do_Replace Local Buffer Overflow Vulnerability

Status:	RESOLVED DUPLICATE of bug 127162

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.securityfocus.com/bid/17178/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-03-22 12:00 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2006-03-27 13:28 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-03-22 12:00:33 UTC

The Linux kernel is susceptible to a local buffer-overflow vulnerability. This issue is due to the kernel's failure to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.

This issue is only exploitable by local users who have superuser privileges, or have the CAP_NET_ADMIN capability. This issue is therefore only a security concern on computers running virtualization software that allows users to have superuser access to guest operating systems, or when the CAP_NET_ADMIN capability is given to untrusted users.

Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by this issue.

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2006-03-27 13:28:39 UTC


*** This bug has been marked as a duplicate of 127162 ***