CVE-2006-1343

Advisory lineage Upstream: 0 Downstream: 4

Downstream

DSA-1097-1 DSA-1184-2 RHSA-2006:0437 RHSA-2006:0575

Modified

Published: 21 Mar 2006, 18:00

Last modified:07 Aug 2024, 17:12

Vulnerability Summary

Overall Risk (default)

minimal

8/100

CVSS Score

2.1 LOW

v2.0 (nvd)

EPSS Score

0.1% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Mar 2006, 18:00

Published

Vulnerability first disclosed

07 Aug 2024, 17:12

Last Modified

Vulnerability information updated

Description

net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.

CVSS Metrics

v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.10%• Percentile: 28%

Affected Systems

linux•linux_kernel
2.4.0 | 2.6.0