Vulnerability Details: CVE-2006-1343
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
Products affected by CVE-2006-1343
- cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1343
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~26% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-1343
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
References for CVE-2006-1343
- http://www.securityfocus.com/archive/1/435490/100/0/threaded
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
- http://www.securityfocus.com/bid/17203
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25425
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://marc.info/?l=linux-netdev&m=114148078223594&w=2
- https://usn.ubuntu.com/281-1/
- http://www.vupen.com/english/advisories/2006/2071
- http://www.redhat.com/support/errata/RHSA-2006-0580.html
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.trustix.org/errata/2006/0032/
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.redhat.com/support/errata/RHSA-2006-0579.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10875
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm (ASA-2006-200, RHSA-2006-0575)
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.redhat.com/support/errata/RHSA-2006-0437.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1184