CVE-2006-0038

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 22 Mar 2006, 20:00
Last modified:07 Aug 2024, 16:18

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
6.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.09% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 Mar 2006, 20:00
Published
Vulnerability first disclosed
07 Aug 2024, 16:18
Last Modified
Vulnerability information updated

Description

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.

CVSS Metrics

  • v2.0MEDIUMScore: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.09% Percentile: 26%

Techniques & Countermeasures

  • CWE-189Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • linuxlinux_kernel

    2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.9:2.6.20 | 2.6.10 | 2.6.10:rc2 | 2.6.11 | 2.6.11:rc2 | 2.6.11:rc3 | 2.6.11:rc4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.11 | 2.6.11.12 | 2.6.12:rc1 | 2.6.12:rc4 | 2.6.12:rc5 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.13 | 2.6.13:rc1 | 2.6.13:rc4 | 2.6.13:rc6 | 2.6.13:rc7 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.14 | 2.6.14:rc1 | 2.6.14:rc2 | 2.6.14:rc3 | 2.6.14:rc4 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.15 | 2.6.15:rc1 | 2.6.15:rc2 | 2.6.15:rc3 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.16:rc1 | 2.6_test9_cvs

References (18)