[email protected]NVD:CVE-2006-5461

HistoryNov 14, 2006 - 10:07 p.m.

CVE-2006-5461

2006-11-1422:07:00

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

10.1%

JSON

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

Affected configurations

Nvd

Node

avahiavahiRange≤0.6.14

VendorProductVersionCPE
avahiavahi*cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avahi	avahi	*	cpe:2.3:a:avahi:avahi::::::::

References

avahi.org/milestone/Avahi%200.6.15

secunia.com/advisories/22807

secunia.com/advisories/22852

secunia.com/advisories/22932

secunia.com/advisories/23020

secunia.com/advisories/23042

securitytracker.com/id?1017257

www.gentoo.org/security/en/glsa/glsa-200611-13.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:215

www.novell.com/linux/security/advisories/2006_26_sr.html

www.securityfocus.com/bid/21016

www.vupen.com/english/advisories/2006/4474

exchange.xforce.ibmcloud.com/vulnerabilities/30207

tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html

usn.ubuntu.com/380-1/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2006-5461

debiancve1 openvas5 nessus5 ubuntu1 cve1 ubuntucve1 securityvulns1 gentoo1 cvelist1 fedora1 osv1