CVE-2006-5461

medium

Description

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

References

https://usn.ubuntu.com/380-1/

https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/30207

http://www.vupen.com/english/advisories/2006/4474

http://www.securityfocus.com/bid/21016

http://www.novell.com/linux/security/advisories/2006_26_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:215

http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml

http://securitytracker.com/id?1017257

http://secunia.com/advisories/23042

http://secunia.com/advisories/23020

http://secunia.com/advisories/22932

http://secunia.com/advisories/22852

http://secunia.com/advisories/22807

http://avahi.org/milestone/Avahi%200.6.15

Details

Source: Mitre, NVD

Published: 2006-11-14

Updated: 2018-10-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

Detections

Analytics