[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250039

 
 

909

 
 

195882

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1343Date: (C)2006-03-21   (M)2023-12-22


net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
-17203
-19357
-19955
2006-0032
http://www.securityfocus.com/archive/1/435490/100/0/threaded
http://www.securityfocus.com/archive/1/451419/100/200/threaded
http://www.securityfocus.com/archive/1/451404/100/0/threaded
http://www.securityfocus.com/archive/1/451417/100/200/threaded
http://www.securityfocus.com/archive/1/451426/100/200/threaded
-20671
-21045
-21136
-21465
-21983
-22093
-22417
-22875
-29841
ADV-2006-2071
ADV-2006-4502
DSA-1097
DSA-1184
MDKSA-2006:123
MDKSA-2006:150
RHSA-2006:0437
RHSA-2006:0575
RHSA-2006:0579
RHSA-2006:0580
USN-281-1
http://marc.info/?l=linux-netdev&m=114148078223594&w=2
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
linux-sockaddr-memory-leak(25425)
oval:org.mitre.oval:def:10875

CPE    2
cpe:/o:linux:linux_kernel:2.4.0
cpe:/o:linux:linux_kernel:2.6.0

© SecPod Technologies