Lucene search
Gentoo FoundationGLSA-200611-13HistoryNov 20, 2006 - 12:00 a.m.
Avahi: "netlink" message vulnerability
2006-11-2000:00:00
Gentoo Foundation
security.gentoo.org
7
0.0004 Low
EPSS
Percentile
9.8%
Background
Avahi is a system that facilitates service discovery on a local network.
Description
Avahi does not check that the netlink messages come from the kernel instead of a user-space process.
Impact
A local attacker could exploit this vulnerability by crafting malicious netlink messages and trick Avahi to react to fake network changes. This could lead users to connect to untrusted services without knowing.
Workaround
There is no known workaround at this time.
Resolution
All Avahi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/avahi-0.6.15"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-dns/avahi | < 0.6.15 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200611-13 (avahi)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200611-13 (avahi)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-380-1)
2022-08-26 00:00:00
nessus
nessus
SuSE 10 Security Update : avahi (ZYPP Patch Number 2216)
2007-12-13 00:00:00
GLSA-200611-13 : Avahi: 'netlink' message vulnerability
2006-11-22 00:00:00
Ubuntu 5.10 / 6.06 LTS / 6.10 : avahi vulnerability (USN-380-1)
2007-11-10 00:00:00
debiancve
debiancve
CVE-2006-5461
2006-11-14 22:07:00
ubuntu
ubuntu
Avahi vulnerability
2006-11-11 00:00:00
cve
cve
CVE-2006-5461
2006-11-14 22:07:00
securityvulns
securityvulns
[Full-disclosure] [USN-380-1] Avahi vulnerability
2006-11-11 00:00:00
cvelist
cvelist
CVE-2006-5461
2006-11-14 22:00:00
ubuntucve
ubuntucve
CVE-2006-5461
2006-11-14 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: avahi-0.6.11-3.fc5
2007-01-07 19:20:13