PT-2006-1080 · Avahi · Avahi

Published

2006-11-14

Updated

2024-06-15

CVE-2006-5461

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Avahi versions prior to 0.6.15

Description: The issue concerns a lack of verification of the sender identity of netlink messages, allowing local users to spoof network changes. This can lead to disruption of protected information integrity. The exploitation of this issue can be carried out locally.

Recommendations: For versions prior to 0.6.15, update to version 0.6.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the Avahi service to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-09539

CVE-2006-5461

OPENSUSE-SU-2024:10643-1

Affected Products

Avahi

PT-2006-1080 · Avahi · Avahi

CVE-2006-5461

Related Identifiers

Affected Products

References · 30