CVE-2006-5461 — Avahi vulnerability

5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avahi Debian Avahi

Timeline

PublishedNov 14

Latest updateMay 1

Description

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/avahi< avahi 0.6.15-1 (bookworm)

▶Debianavahi/avahi< 0.6.15-1+3

▶NVDavahi/avahi0.6.14

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-4w5j-fgfj-644h: Avahi before 0↗2022-05-01

▶

OSV

CVE-2006-5461: Avahi before 0↗2006-11-14

▶

📋Vendor Advisories

Ubuntu

Avahi vulnerability↗2006-11-11

▶

Debian

CVE-2006-5461: avahi - Avahi before 0.6.15 does not verify the sender identity of netlink messages to e...↗2006

▶