CVE - CVE-2006-0039

CVE-ID
CVE-2006-0039	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:18113 URL:http://www.securityfocus.com/bid/18113 MISC:20185 URL:http://secunia.com/advisories/20185 MISC:20671 URL:http://secunia.com/advisories/20671 MISC:20914 URL:http://secunia.com/advisories/20914 MISC:20991 URL:http://secunia.com/advisories/20991 MISC:21476 URL:http://secunia.com/advisories/21476 MISC:22292 URL:http://secunia.com/advisories/22292 MISC:22945 URL:http://secunia.com/advisories/22945 MISC:25697 URL:~~http://www.osvdb.org/25697~~ (Obsolete source) MISC:ADV-2006-1893 URL:~~http://www.vupen.com/english/advisories/2006/1893~~ (Obsolete source) MISC:ADV-2006-2554 URL:~~http://www.vupen.com/english/advisories/2006/2554~~ (Obsolete source) MISC:DSA-1097 URL:http://www.debian.org/security/2006/dsa-1097 MISC:DSA-1103 URL:http://www.debian.org/security/2006/dsa-1103 MISC:RHSA-2006:0689 URL:http://www.redhat.com/support/errata/RHSA-2006-0689.html MISC:USN-311-1 URL:http://www.ubuntu.com/usn/usn-311-1 MISC:http://bugs.gentoo.org/show_bug.cgi?id=133465 URL:http://bugs.gentoo.org/show_bug.cgi?id=133465 MISC:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17 URL:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17 MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2722971cbe831117686039d5c334f2c0f560be13 URL:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2722971cbe831117686039d5c334f2c0f560be13 MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 MISC:linux-doaddcounters-race-condition(26583) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26583 MISC:oval:org.mitre.oval:def:10309 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309
Assigning CNA
Red Hat, Inc.
Date Record Created
20051220	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051220)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.