Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
727
VMScore

CVE-2016-3135

Published: 27/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 727
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel up to and including 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

canonical ubuntu linux 16.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

Vendor Advisories

Amazon Linux AMI: ALAS-2016-694
An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption (CVE-2016-3135) In the mark_source_chains function (net/ipv4/netfilter/ip_tablesc) it is possible for a user-supplied ipt_entry structure to have a large next_offset field T ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-xenial vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-wily vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-snapdragon vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Red Hat: CVE-2016-3135
An integer overflow vulnerability was found in the Linux kernel in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption ...

Exploits

Exploit DB: Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
Source: codegooglecom/p/google-security-research/issues/detail?id=758 A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support This ioctl is can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y) Android do ...

Github Repositories

https://github.com/containers/bubblewrap

Low-level unprivileged sandboxing tool used by Flatpak and similar projects

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host User namespaces There is an effort

https://github.com/projectatomic/bubblewrap

Low-level unprivileged sandboxing tool used by Flatpak and similar projects

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host User namespaces There is an effort

https://github.com/deepin-community/bubblewrap

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into to a fully privileged root shell on the host User namespaces There is an effo

https://github.com/FFHixio/bubble-wrap-tool

Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into to a fully privileged root shell on the host User namespaces There is an effo

https://github.com/darmon77/bwrap-ddsec

Perfiles sandboxing sin privilegios bubblewrap

Bwrap-ddsec Perfile de sandboxing sin privilegios para bubblewrap Muchas herramientas de tiempo de ejecución de contenedores, como systemd-nspawn, dockeretc, se centran en proporcionar infraestructura para administradores de sistemas y herramientas de orquestación (por ejemplo, Kubernetes) para ejecutar contenedores Estas herramientas no son adecuadas para d&aa

https://github.com/balabit-deps/balabit-os-7-bubblewrap

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into to a fully privileged root shell on the host User namespaces There is an effo

https://github.com/balabit-deps/balabit-os-9-bubblewrap

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host User namespaces There is an effort

https://github.com/balabit-deps/balabit-os-8-bubblewrap

Bubblewrap Many container runtime tools like systemd-nspawn, docker, etc focus on providing infrastructure for system administrators and orchestration tools (eg Kubernetes) to run containers These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into to a fully privileged root shell on the host User namespaces There is an effo

References

CWE-189NVD-CWE-Otherhttps://code.google.com/p/google-security-research/issues/detail?id=758http://www.ubuntu.com/usn/USN-2930-1http://www.ubuntu.com/usn/USN-3054-1http://www.ubuntu.com/usn/USN-2930-2https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1http://www.ubuntu.com/usn/USN-3055-1http://www.ubuntu.com/usn/USN-3056-1http://www.ubuntu.com/usn/USN-2930-3http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1https://bugzilla.redhat.com/show_bug.cgi?id=1317386http://www.ubuntu.com/usn/USN-3057-1http://www.securityfocus.com/bid/84305https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2016-694.htmlhttps://www.exploit-db.com/exploits/39545/https://usn.ubuntu.com/2930-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook