Race condition in Linux kernel

Published: 2006-05-20

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2006-0039
CWE-ID	CWE-362
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Race condition

EUVDB-ID: #VU95754

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2006-0039

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to access sensitive information or perform a denial of service (DoS) attack.

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

Mitigation

Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698
https://bugs.gentoo.org/show_bug.cgi?id=133465
https://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17
https://secunia.com/advisories/20185
https://www.securityfocus.com/bid/18113
https://www.debian.org/security/2006/dsa-1097
https://secunia.com/advisories/20671
https://www.debian.org/security/2006/dsa-1103
https://secunia.com/advisories/20914
https://www.ubuntu.com/usn/usn-311-1
https://secunia.com/advisories/20991
https://www.osvdb.org/25697
https://www.redhat.com/support/errata/RHSA-2006-0689.html
https://secunia.com/advisories/22292
https://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
https://secunia.com/advisories/22945
https://secunia.com/advisories/21476
https://www.vupen.com/english/advisories/2006/1893
https://www.vupen.com/english/advisories/2006/2554
https://exchange.xforce.ibmcloud.com/vulnerabilities/26583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309
https://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2722971cbe831117686039d5c334f2c0f560be13

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.