#VU95590 Information exposure in Linux kernel - CVE-2006-1342
Published: March 21, 2006 / Updated: August 8, 2024
Vulnerability identifier: #VU95590
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2006-1342
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
Remediation
Install update from vendor's repository.
External links
- http://marc.info/?l=linux-netdev&m=114148078223594&w=2
- http://secunia.com/advisories/19357
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/21035
- http://secunia.com/advisories/22875
- http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.redhat.com/support/errata/RHSA-2006-0579.html
- http://www.redhat.com/support/errata/RHSA-2006-0580.html
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
- http://www.securityfocus.com/archive/1/451426/100/200/threaded
- http://www.securityfocus.com/bid/17203
- http://www.vmware.com/download/esx/esx-202-200610-patch.html
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.vupen.com/english/advisories/2006/4502