Lucene search

[email protected]CVE-2006-6653

HistoryDec 20, 2006 - 2:28 a.m.

CVE-2006-6653

2006-12-2002:28:00

CWE-20

[email protected]

web.nvd.nist.gov

netbsd

cve-2006-6653

denial of service

socket

vulnerability

7 High

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka “a dangling socket”).

CPENameOperatorVersion
netbsd:netbsdnetbsdeqcurrent
netbsd:netbsdnetbsdeq3.0.1
netbsd:netbsdnetbsdeq3.0
netbsd:netbsdnetbsdeq2.0

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	current
netbsd:netbsd	netbsd	eq	3.0.1
netbsd:netbsd	netbsd	eq	3.0
netbsd:netbsd	netbsd	eq	2.0

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc

securitytracker.com/id?1017293

7 High

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON