Lucene search

RedhatCVE-2006-5461

HistoryNov 14, 2006 - 10:07 p.m.

CVE-2006-5461

2006-11-1422:07:00

redhat

web.nvd.nist.gov

avahi

cve-2006-5461

security vulnerability

local users

network spoofing

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

10.1%

JSON

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

Affected configurations

Nvd

Node

avahiavahiRange≤0.6.14

VendorProductVersionCPE
avahiavahi*cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avahi	avahi	*	cpe:2.3:a:avahi:avahi::::::::

References

avahi.org/milestone/Avahi%200.6.15

secunia.com/advisories/22807

secunia.com/advisories/22852

secunia.com/advisories/22932

secunia.com/advisories/23020

secunia.com/advisories/23042

securitytracker.com/id?1017257

www.gentoo.org/security/en/glsa/glsa-200611-13.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:215

www.novell.com/linux/security/advisories/2006_26_sr.html

www.securityfocus.com/bid/21016

www.vupen.com/english/advisories/2006/4474

exchange.xforce.ibmcloud.com/vulnerabilities/30207

tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html

usn.ubuntu.com/380-1/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2006-5461