// For flags

CVE-2006-0039

Debian Linux Security Advisory 1103-1

Severity Score

6.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

A race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems. A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges. This flaw only affects Ubuntu 6.06 LTS.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-12-20 CVE Reserved
  • 2006-05-19 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (24)
URL Tag Source
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17 X_refsource_confirm
http://secunia.com/advisories/20185 Third Party Advisory
http://secunia.com/advisories/20671 Third Party Advisory
http://secunia.com/advisories/20914 Third Party Advisory
http://secunia.com/advisories/20991 Third Party Advisory
http://secunia.com/advisories/21476 Third Party Advisory
http://secunia.com/advisories/22292 Third Party Advisory
http://secunia.com/advisories/22945 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm X_refsource_confirm
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2722971cbe831117686039d5c334f2c0f560be13 X_refsource_misc
http://www.osvdb.org/25697 Vdb Entry
http://www.securityfocus.com/bid/18113 Vdb Entry
http://www.vupen.com/english/advisories/2006/1893 Vdb Entry
http://www.vupen.com/english/advisories/2006/2554 Vdb Entry
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/26583 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309 Signature
URL Date SRC
URL Date SRC
http://bugs.gentoo.org/show_bug.cgi?id=133465 2023-02-13
URL Date SRC
http://www.debian.org/security/2006/dsa-1097 2023-02-13
http://www.debian.org/security/2006/dsa-1103 2023-02-13
http://www.redhat.com/support/errata/RHSA-2006-0689.html 2023-02-13
http://www.ubuntu.com/usn/usn-311-1 2023-02-13
https://access.redhat.com/security/cve/CVE-2006-0039 2006-10-05
https://bugzilla.redhat.com/show_bug.cgi?id=1617869 2006-10-05
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.16
Search vendor "Linux" for product "Linux Kernel" and version "2.6.16"
-
Affected