Vulnerability CVE-2006-0039: Information

Description

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

Severity: MEDIUM (4.7)

URL: https://nvd.nist.gov/vuln/detail/CVE-2006-0039
Published: May 20, 2006
Modified: Feb. 13, 2023
Error type identifier: CWE-362

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698
    http://bugs.gentoo.org/show_bug.cgi?id=133465
    • Patch
    http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17
      20185
        18113
          DSA-1097
            20671
              DSA-1103
                20914
                  USN-311-1
                    20991
                      25697
                        RHSA-2006:0689
                          22292
                            http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
                              22945
                                21476
                                  ADV-2006-1893
                                    ADV-2006-2554
                                      linux-doaddcounters-race-condition(26583)
                                        oval:org.mitre.oval:def:10309
                                          http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2722971cbe831117686039d5c334f2c0f560be13

                                              1. Configuration 1

                                                cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
                                            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                            Version: v24.4.2
                                            Back to top