2.1
CVE-2006-5461
- EPSS 0.4%
- Veröffentlicht 14.11.2006 22:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.311 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/22932
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://avahi.org/milestone/Avahi%200.6.15
http://secunia.com/advisories/22807
http://secunia.com/advisories/22852
http://secunia.com/advisories/23020
http://secunia.com/advisories/23042
http://securitytracker.com/id?1017257
http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
http://www.securityfocus.com/bid/21016
http://www.vupen.com/english/advisories/2006/4474
https://exchange.xforce.ibmcloud.com/vulnerabilities/30207
https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
https://usn.ubuntu.com/380-1/