[email protected]CVE-2006-5461

HistoryNov 14, 2006 - 10:07 p.m.

CVE-2006-5461

2006-11-1422:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

avahi

cve-2006-5461

security vulnerability

local users

network spoofing

5.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

9.8%

JSON

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

CPENameOperatorVersion
avahi:avahiavahile0.6.14

CPE	Name	Operator	Version
avahi:avahi	avahi	le	0.6.14

References

avahi.org/milestone/Avahi%200.6.15

secunia.com/advisories/22807

secunia.com/advisories/22852

secunia.com/advisories/22932

secunia.com/advisories/23020

secunia.com/advisories/23042

securitytracker.com/id?1017257

www.gentoo.org/security/en/glsa/glsa-200611-13.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:215

www.novell.com/linux/security/advisories/2006_26_sr.html

www.securityfocus.com/bid/21016

www.vupen.com/english/advisories/2006/4474

exchange.xforce.ibmcloud.com/vulnerabilities/30207

tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html

usn.ubuntu.com/380-1/

5.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2006-5461

openvas5 nessus5 debiancve1 ubuntu1 securityvulns1 cvelist1 gentoo1 ubuntucve1 fedora1