CVE-2006-0039

EPSS 0.07%
Published 19.05.2006 22:02:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

Affected products Warnungen 0 Metrics 2 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version2.6.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.204

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	1.9	7.8	AV:L/AC:H/Au:N/C:P/I:N/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://secunia.com/advisories/21476

http://secunia.com/advisories/20914

http://www.debian.org/security/2006/dsa-1103

http://www.vupen.com/english/advisories/2006/2554

http://secunia.com/advisories/22292

http://secunia.com/advisories/22945

http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm

http://www.redhat.com/support/errata/RHSA-2006-0689.html

http://secunia.com/advisories/20671

http://www.debian.org/security/2006/dsa-1097

http://bugs.gentoo.org/show_bug.cgi?id=133465

Patch