Re: [OT] Linux Kernel remote vuln
lst_hoe01
kwsoft.de
Date: Wed Mar 22 2006 - 05:13:47 CST
Quoting Robert Felber <r.felber ek-muc.de>:
> Hello,
>
> it may be offtopic, and some may have read it on the appropriate mailing list
> already:
>
> There exists a remote Netfilter Do_Replace Remote Buffer Overflow
> vulnerability in the linux 2.6 series up to Linux Kernel 2.6.16 -rc1.
> 2.6.16 has been released to fix that issue.
>
> More info on:
> http://www.securityfocus.com/bid/17178/info
>
Seems to be some misinformation:
[ Taken from a netfilter posting ]
As a member of the netfilter core team, I would like to ask you to
immediately stop spreading false information about an allegedly remotely
exploitable vulnerability that simply doesn't exist.
I don't know how you come to the conclusion at
http://www.securityfocus.com/bid/17178/discuss, that "This issue allows
remote attackers to overwrite kernel memory with arbitrary data,
potentially allowing them to execute malicious machine code in the
context of affected kernels."
The respective bug [called do_replace() bug] is in a code path that can
ONLY be executed by a local root user. In fact, it is a bug in the
codepath for ruleset changes.
So unless you have a locally malicious root user (which could change the
ruleset anyway, and very likely load arbitrary code via kernel modules
or patch /proc/kmem), there is nothing that can be exploited.
Neither for local non-root users, nor for any remote party.
Please correct information in your vulnerability data base as soon as
possible! Your wrong assessment has already been picked up by some
other news sites, and users are starting to inquire the project about a
security threat that doesn't even exist.
[-- end of posting --]
Regards
Andreas