2.1

CVE-2006-5461

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AvahiAvahi Version <= 0.6.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.311
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22932
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://avahi.org/milestone/Avahi%200.6.15
http://secunia.com/advisories/22807
Patch
Vendor Advisory
http://secunia.com/advisories/22852
Patch
Vendor Advisory
http://secunia.com/advisories/23020
http://secunia.com/advisories/23042
http://securitytracker.com/id?1017257
http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
http://www.securityfocus.com/bid/21016
http://www.vupen.com/english/advisories/2006/4474
https://exchange.xforce.ibmcloud.com/vulnerabilities/30207
https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
https://usn.ubuntu.com/380-1/