CVE-2006-6653 — LOW (1.7) — White Hats Nepal

Vulnerability Description

The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").

CVSS Score

1.7

LOW

AV:L/AC:L/Au:S/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Netbsd	Netbsd	2.0

Related Weaknesses (CWE)

CWE-20

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.ascPatchVendor Advisory
http://securitytracker.com/id?1017293Patch
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.ascPatchVendor Advisory
http://securitytracker.com/id?1017293Patch

FAQ

What is CVE-2006-6653?

CVE-2006-6653 is a vulnerability with a CVSS score of 1.7 (LOW). The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an ...

How severe is CVE-2006-6653?

CVE-2006-6653 has been rated LOW with a CVSS base score of 1.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6653?

Check the references section above for vendor advisories and patch information. Affected products include: Netbsd Netbsd.