Published: 14/11/2006 Updated: 03/10/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Avahi prior to 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

Vulnerable Product	Search on Vulmon	Subscribe to Product
avahi avahi

Steve Grubb discovered that netlink messages were not being checked for their sender identity This could lead to local users manipulating the Avahi service ...

NVD-CWE-Other https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html http://avahi.org/milestone/Avahi%200.6.15 http://secunia.com/advisories/22807 http://secunia.com/advisories/22852 http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:215 http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.securityfocus.com/bid/21016 http://securitytracker.com/id?1017257 http://secunia.com/advisories/23020 http://secunia.com/advisories/23042 http://secunia.com/advisories/22932 http://www.vupen.com/english/advisories/2006/4474 https://exchange.xforce.ibmcloud.com/vulnerabilities/30207 https://usn.ubuntu.com/380-1/https://usn.ubuntu.com/380-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5461

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect