Vulnerability Details : CVE-2006-1342
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
Exploit prediction scoring system (EPSS) score for CVE-2006-1342
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2006-1342
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
References for CVE-2006-1342
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
- http://www.securityfocus.com/bid/17203
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://marc.info/?l=linux-netdev&m=114148078223594&w=2
- http://www.redhat.com/support/errata/RHSA-2006-0580.html
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.redhat.com/support/errata/RHSA-2006-0579.html
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b (Patch)
Products affected by CVE-2006-1342
- cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*