Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2006-1342
Last Modified 07 Mar 2011 09:32:50
Published 21 Mar 2006 01:02:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1342

Summary

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0


References

CONFIRM - http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b

VUPEN - ADV-2006-4502

MLIST - [linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and

CONFIRM - http://www.vmware.com/download/esx/esx-254-200610-patch.html

CONFIRM - http://www.vmware.com/download/esx/esx-213-200610-patch.html

CONFIRM - http://www.vmware.com/download/esx/esx-202-200610-patch.html

BID - 17203

BUGTRAQ - 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2

BUGTRAQ - 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1

BUGTRAQ - 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2

BUGTRAQ - 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4

REDHAT - RHSA-2006:0580

REDHAT - RHSA-2006:0579

SUSE - SUSE-SA:2006:028

SECUNIA - 22875

SECUNIA - 21035

SECUNIA - 20398

SECUNIA - 19357


Last Updated: 27 May 2016 10:42:02