Vulnerability Details : CVE-2006-5461
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
Products affected by CVE-2006-5461
- cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5461
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
References for CVE-2006-5461
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
Mandriva
-
https://usn.ubuntu.com/380-1/
404: Page not found | Ubuntu
-
http://www.vupen.com/english/advisories/2006/4474
Site en construction
-
http://www.novell.com/linux/security/advisories/2006_26_sr.html
Security - Support | SUSE
-
http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
Avahi: "netlink" message vulnerability (GLSA 200611-13) — Gentoo security
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/30207
Avahi netlink security bypass CVE-2006-5461 Vulnerability Report
-
http://www.securityfocus.com/bid/21016
-
https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
-
http://avahi.org/milestone/Avahi%200.6.15
Page not found · GitHub Pages
-
http://securitytracker.com/id?1017257
Access Denied
Jump to