Vulnerability Description
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netbsd | Netbsd | 1.6 |
References
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.ascVendor Advisory
- http://secunia.com/advisories/19464Vendor Advisory
- http://securitytracker.com/id?1015846Patch
- http://www.osvdb.org/24262
- http://www.securityfocus.com/bid/17312PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25582
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.ascVendor Advisory
- http://secunia.com/advisories/19464Vendor Advisory
- http://securitytracker.com/id?1015846Patch
- http://www.osvdb.org/24262
- http://www.securityfocus.com/bid/17312PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25582
FAQ
What is CVE-2006-1588?
CVE-2006-1588 is a vulnerability with a CVSS score of 2.1 (LOW). The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kerne...
How severe is CVE-2006-1588?
CVE-2006-1588 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1588?
Check the references section above for vendor advisories and patch information. Affected products include: Netbsd Netbsd.