Local Network Spoofing in Avahi from 0.6.15 and Earlier
CVE-2006-5461

Currently unrated

Key Information:

Vendor: Avahi
Status: Avahi
Vendor: CVE Published:; 14 November 2006

What is CVE-2006-5461?

Avahi versions before 0.6.15 fail to confirm the authenticity of sender identity in netlink messages, creating an opportunity for local users to impersonate network modifications. This oversight enables potential spoofing of changes within the network, compromising the integrity of network operations managed by Avahi and posing a risk to overall system security.

References

http://secunia.com/advisories/22932

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/23042

third-party-advisoryx_refsource_SECUNIA

http://www.novell.com/linux/security/advisories/2006_26_s...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2006
Vulnerability Reserved
Oct 23, 2006

JSON