[VIM] Clarification on do_replace netfilter overflow

Steven M. Christey coley at mitre.org
Wed Mar 22 14:51:24 EST 2006

FYI, Red Hat has a clarification on the do_replace netfilter; original
BID details apparently had some errors.  Check the bugzilla reference
in the CVE below.

- Steve

Name: CVE-2006-0038
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0038
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
Reference: BID:17178
Reference: URL:http://www.securityfocus.com/bid/17178

Integer overflow in the do_replace function in netfilter for Linux
before 2.6.16-rc3, when using "virtualization solutions" such as
OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer
overflow in the copy_from_user function.

More information about the VIM mailing list