Vulnerability Description
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avahi | Avahi | <= 0.6.14 |
References
- http://avahi.org/milestone/Avahi%200.6.15
- http://secunia.com/advisories/22807PatchVendor Advisory
- http://secunia.com/advisories/22852PatchVendor Advisory
- http://secunia.com/advisories/22932
- http://secunia.com/advisories/23020
- http://secunia.com/advisories/23042
- http://securitytracker.com/id?1017257
- http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
- http://www.novell.com/linux/security/advisories/2006_26_sr.html
- http://www.securityfocus.com/bid/21016
- http://www.vupen.com/english/advisories/2006/4474
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30207
- https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
- https://usn.ubuntu.com/380-1/
FAQ
What is CVE-2006-5461?
CVE-2006-5461 is a vulnerability with a CVSS score of 2.1 (LOW). Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Av...
How severe is CVE-2006-5461?
CVE-2006-5461 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5461?
Check the references section above for vendor advisories and patch information. Affected products include: Avahi Avahi.