Vulnerability Details : CVE-2006-1342
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
Products affected by CVE-2006-1342
- cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1342
- 0.04%: probability of exploitation activity in the next 30 days
- ~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1342
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
References for CVE-2006-1342
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
- http://www.securityfocus.com/bid/17203
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://marc.info/?l=linux-netdev&m=114148078223594&w=2
- http://www.redhat.com/support/errata/RHSA-2006-0580.html
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.redhat.com/support/errata/RHSA-2006-0579.html
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b (Patch)