Vulnerability Description
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.4.0 |
References
- http://marc.info/?l=linux-netdev&m=114148078223594&w=2
- http://secunia.com/advisories/19357
- http://secunia.com/advisories/19955
- http://secunia.com/advisories/20671
- http://secunia.com/advisories/21045
- http://secunia.com/advisories/21136
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/21983
- http://secunia.com/advisories/22093
- http://secunia.com/advisories/22417
- http://secunia.com/advisories/22875
- http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1184
FAQ
What is CVE-2006-1343?
CVE-2006-1343 is a vulnerability with a CVSS score of 2.1 (LOW). net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket...
How severe is CVE-2006-1343?
CVE-2006-1343 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1343?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.