CVE-2006-1342
Published 2006-03-21
Priority: P4 · 11 · low · 2.1 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 0.71% (49.0th percentile)
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
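| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 2.1 | LOW | — |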
Red Hat
vendor_redhat·2006-03-04·CVSS 2.1
CVE-2006-1342 [LOW] security flaw
GHSA
GHSA-jf62-rxq2-pm67: net/ipv4/af_inet
ghsa_unreviewed·2022-05-01
Bugzilla
CVE-2006-1342 security flaw
bugzilla·2018-08-16·CVSS 2.1
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
Bugzilla
CVE-2006-1342 Small information leak in SO_ORIGINAL_DST and getname() (CVE-2006-1343)
bugzilla·2006-03-22·CVSS 2.1
It appears sockaddr_in.sin_zero is not zeroed during certain operations
returning IPv4 socket names, namely:
- getsockopt(...SO_ORIGINAL_DST...) (2.4 and 2.6)
  see getorigdst() in net/ipv4/netfilter/ip_conntrack_core.c
  (+ in net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6?!)
- getsockname() and getpeername() (and accept()) (2.4 only)
  see inet_getname() in net/ipv4/af_inet.c

and several uninitialized bytes of kernel stack (sizeof(sin_zero) == 6 to be
precise) leak to the userspace.
http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
A patch has been included in Marcelo's 2.4 tree:
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c
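The pattern the report describes, reduced to user-space C as an added example (not the kernel's code and not the patch referenced above): a sockaddr_in sitting on stale memory has only its named fields written and is then copied out whole, with and without clearing sin_zero. The function names and the 0xAA fill byte are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE_BYTE 0xAA /* constructed marker standing in for old stack contents */

/* Pre-fix pattern: only the named fields are written, sin_zero is skipped. */
static void fill_name_unfixed(struct sockaddr_in *sin, unsigned int addr,
                              unsigned short port)
{
    sin->sin_family = AF_INET;
    sin->sin_port = htons(port);
    sin->sin_addr.s_addr = htonl(addr);
}

/* Fixed pattern: same fields, then the padding is cleared explicitly. */
static void fill_name_fixed(struct sockaddr_in *sin, unsigned int addr,
                            unsigned short port)
{
    fill_name_unfixed(sin, addr, port);
    memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
}

/* Number of sin_zero bytes that still carry stale data after a copy-out. */
size_t stale_padding_bytes(int use_fixed)
{
    struct sockaddr_in kernel_side, user_side;
    size_t i, stale = 0;

    memset(&kernel_side, STALE_BYTE, sizeof(kernel_side)); /* "dirty" stack slot */
    if (use_fixed)
        fill_name_fixed(&kernel_side, 0x7f000001u, 8080);
    else
        fill_name_unfixed(&kernel_side, 0x7f000001u, 8080);

    /* The whole structure is copied to the caller, padding included. */
    memcpy(&user_side, &kernel_side, sizeof(user_side));
    for (i = 0; i < sizeof(user_side.sin_zero); i++)
        stale += (user_side.sin_zero[i] != 0);
    return stale;
}

int main(void)
{
    printf("unfixed: %zu stale bytes\n", stale_padding_bytes(0));
    printf("fixed:   %zu stale bytes\n", stale_padding_bytes(1));
    return 0;
}
```

The same review question applies to any structure with padding or reserved fields that crosses the kernel/user boundary: is every byte of the copied length written before the copy.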
References
http://marc.info/?l=linux-netdev&m=114148078223594&w=2
http://secunia.com/advisories/19357
http://secunia.com/advisories/20398
http://secunia.com/advisories/21035
http://secunia.com/advisories/22875
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.redhat.com/support/errata/RHSA-2006-0579.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
http://www.securityfocus.com/archive/1/451404/100/0/threaded
http://www.securityfocus.com/archive/1/451417/100/200/threaded
http://www.securityfocus.com/archive/1/451419/100/200/threaded
http://www.securityfocus.com/archive/1/451426/100/200/threaded
http://www.securityfocus.com/bid/17203
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
http://www.vupen.com/english/advisories/2006/4502