Vulnerability Name: CVE-2006-1343
Assigned: 2006-03-04
Published: 2006-03-04
Updated: 2018-10-18
Summary: net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
References:
  Source: MITRE Type: CNA CVE-2006-1343
  Source: MLIST Type: UNKNOWN [linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and
  Source: SECUNIA Type: UNKNOWN 19357
  Source: SECUNIA Type: UNKNOWN 19955
  Source: SECUNIA Type: UNKNOWN 20671
  Source: SECUNIA Type: UNKNOWN 21045
  Source: SECUNIA Type: UNKNOWN 21136
  Source: SECUNIA Type: UNKNOWN 21465
  Source: SECUNIA Type: UNKNOWN 21983
  Source: SECUNIA Type: UNKNOWN 22093
  Source: SECUNIA Type: UNKNOWN 22417
  Source: SECUNIA Type: UNKNOWN 22875
  Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
  Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
  Source: DEBIAN Type: UNKNOWN DSA-1097
  Source: DEBIAN Type: UNKNOWN DSA-1184
  Source: MANDRIVA Type: UNKNOWN MDKSA-2006:123
  Source: MANDRIVA Type: UNKNOWN MDKSA-2006:150
  Source: OSVDB Type: UNKNOWN 29841
  Source: REDHAT Type: UNKNOWN RHSA-2006:0437
  Source: REDHAT Type: UNKNOWN RHSA-2006:0575
  Source: REDHAT Type: UNKNOWN RHSA-2006:0579
  Source: REDHAT Type: UNKNOWN RHSA-2006:0580
  Source: BUGTRAQ Type: UNKNOWN 20060531 rPSA-2006-0087-1 kernel
  Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
  Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
  Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
  Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
  Source: BID Type: UNKNOWN 17203
  Source: TRUSTIX Type: UNKNOWN 2006-0032
  Source: CONFIRM Type: UNKNOWN http://www.vmware.com/download/esx/esx-202-200610-patch.html
  Source: CONFIRM Type: UNKNOWN http://www.vmware.com/download/esx/esx-213-200610-patch.html
  Source: CONFIRM Type: UNKNOWN http://www.vmware.com/download/esx/esx-254-200610-patch.html
  Source: VUPEN Type: UNKNOWN ADV-2006-2071
  Source: VUPEN Type: UNKNOWN ADV-2006-4502
  Source: XF Type: UNKNOWN linux-sockaddr-memory-leak(25425)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10875
  Source: UBUNTU Type: UNKNOWN USN-281-1