Vulnerability CVE-2006-5461

Vulnerability Name:

CVE-2006-5461 (CCN-30207)

Assigned:

2006-11-13

Published:

2006-11-13

Updated:

2018-10-03

Summary:

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Avahi Web site
Milestone Avahi 0.6.10

Source: CONFIRM
Type: UNKNOWN
http://avahi.org/milestone/Avahi%200.6.15

Source: MITRE
Type: CNA
CVE-2006-5461

Source: CCN
Type: SA22807
Avahi "netlink" Message Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
22807

Source: SECUNIA
Type: Patch, Vendor Advisory
22852

Source: SECUNIA
Type: UNKNOWN
22932

Source: SECUNIA
Type: UNKNOWN
23020

Source: SECUNIA
Type: UNKNOWN
23042

Source: CCN
Type: SECTRACK ID: 1017257
Avahi Lets Remote Users Manipulate the Service By Spoofing Netlink Messages

Source: SECTRACK
Type: UNKNOWN
1017257

Source: CCN
Type: GLSA-200611-13
Avahi: netlink message vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-200611-13

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:215

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:026

Source: CCN
Type: OSVDB ID: 30314
Avahi netlink Message Spoofing

Source: BID
Type: UNKNOWN
21016

Source: CCN
Type: BID-21016
Avahi Unauthorized Data Manipulation Vulnerability

Source: CCN
Type: USN-380-1
Avahi vulnerability

Source: CCN
Type: USN-380-2
Avahi regression

Source: VUPEN
Type: UNKNOWN
ADV-2006-4474

Source: XF
Type: UNKNOWN
avahi-netlink-security-bypass(30207)

Source: XF
Type: UNKNOWN
avahi-netlink-security-bypass(30207)

Source: CCN
Type: avahi-tickets Mailing List, Mon Nov 6 14:53:58 CET 2006
[Avahi] #69: Avahi needs to check the originating process of netlink messages

Source: MLIST
Type: UNKNOWN
[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages

Source: UBUNTU
Type: UNKNOWN
USN-380-1

Source: SUSE
Type: SUSE-SR:2006:026
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:avahi:avahi:*:*:*:*:*:*:*:* (Version <= 0.6.14)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20065461	V	CVE-2006-5461	2022-06-30
oval:org.opensuse.security:def:42276	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:111993	P	avahi-0.8-7.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31750	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:26217	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:31336	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:33054	P	Security update for speex (Moderate)	2021-12-01
oval:org.opensuse.security:def:31708	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:32223	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:31303	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31703	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:26151	P	Security update for python3 (Moderate)	2021-10-20
oval:org.opensuse.security:def:105554	P	avahi-0.8-7.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:33015	P	Security update for atftp (Moderate)	2021-09-27
oval:org.opensuse.security:def:26137	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:26128	P	Security update for postgresql13 (Moderate)	2021-09-16
oval:org.opensuse.security:def:32167	P	Security update for openssl (Important)	2021-08-24
oval:org.opensuse.security:def:26098	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:31659	P	Security update for qemu (Important)	2021-07-29
oval:org.opensuse.security:def:32156	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:31226	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:31211	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31643	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36091	P	avahi-0.6.23-11.32.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36375	P	avahi-compat-howl-devel-0.6.23-11.32.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42498	P	avahi-0.6.23-11.32.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32112	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:26066	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:32090	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:42079	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:26049	P	Security update for lz4 (Important)	2021-05-14
oval:org.opensuse.security:def:31152	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:31603	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:31140	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31141	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31747	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:31360	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31358	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:32272	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:26209	P	Security update for apache2 (Moderate)	2021-03-12
oval:org.opensuse.security:def:31348	P	Security update for perl-XML-Twig (Moderate)	2021-03-01
oval:org.opensuse.security:def:26195	P	Security update for php74 (Important)	2021-02-19
oval:org.opensuse.security:def:31337	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:31569	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:32833	P	Security update for ovmf (Moderate)	2020-12-16
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35525	P	avahi-0.6.23-11.19.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35672	P	avahi-0.6.23-11.19.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41932	P	avahi-0.6.23-11.19.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35869	P	avahi-0.6.23-11.30.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32002	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:31558	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:31557	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:25431	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31867	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26554	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25852	P	Security update for flash-playerqemu (Important)	2020-12-01
oval:org.opensuse.security:def:25925	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:25361	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:25623	P	Security update for cifs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:26642	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26525	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25649	P	Security update for libcdio (Low)	2020-12-01
oval:org.opensuse.security:def:31855	P	Security update for crash (Low)	2020-12-01
oval:org.opensuse.security:def:26833	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25982	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:26700	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25853	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31916	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25224	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:32311	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:27373	P	avahi-compat-howl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25640	P	Security update for libqt5-qtsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:31447	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25941	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32598	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25299	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:26319	P	Security update for kde-cli-tools5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32377	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25652	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25418	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:25999	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:30994	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:25508	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:31946	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26372	P	Recommended update for geotiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25653	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26672	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25076	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:31079	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25845	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:32051	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:27054	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26266	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25755	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31813	P	Security update for apache2-mod_jk (Moderate)	2020-12-01
oval:org.opensuse.security:def:25088	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:31450	P	Security update for postgresql10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25420	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31554	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26501	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25808	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:32490	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25924	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25280	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31594	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32794	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25495	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31924	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:26603	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26490	P	Security update for pdns (Moderate)	2020-12-01
oval:org.opensuse.security:def:25936	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25565	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:31806	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25704	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:26656	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25800	P	Security update for polkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:31894	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:26868	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25223	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27338	P	xorg-x11-server-dmx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25902	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31960	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25235	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26270	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32333	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25641	P	Security update for bcm43xx-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:31775	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25955	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32637	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30993	P	Security update for jasper	2020-12-01
oval:org.opensuse.security:def:25427	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31790	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26358	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:25716	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25502	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26637	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31005	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25761	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26416	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:25706	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31769	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25077	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:25996	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:27089	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25419	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:31422	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26350	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:25794	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:32451	P	Security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:25152	P	Security update for pam_radius (Important)	2020-12-01
oval:org.opensuse.security:def:31507	P	Security update for python27 (Moderate)	2020-12-01

BACK