CVE-2006-1342 - net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 soc

CVE-2006-1342

Summary

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

rhsa
id RHSA-2006:0579
rhsa
id RHSA-2006:0580

refmap via4

bid	17203
bugtraq	20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
confirm	http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b http://www.vmware.com/download/esx/esx-202-200610-patch.html http://www.vmware.com/download/esx/esx-213-200610-patch.html http://www.vmware.com/download/esx/esx-254-200610-patch.html
mlist	[linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and
secunia	19357 20398 21035 22875
suse	SUSE-SA:2006:028
vupen	ADV-2006-4502

Last major update

18-10-2018 - 16:32

Published

21-03-2006 - 18:02

Last modified

18-10-2018 - 16:32