CVE-2006-1342

Linux kernel <2.4 - Info Disclosure

Title source: llm

Description

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pavel Kankovsky · clocallinux

https://www.exploit-db.com/exploits/27461

View Code ZIP pw:eip

References (18)

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0579.html

[Vendor Advisory] http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4502

[Third Party Advisory] http://secunia.com/advisories/22875

[Vendor Advisory] http://www.vmware.com/download/esx/esx-202-200610-patch.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451426/100/200/threaded

[Third Party Advisory] http://secunia.com/advisories/21035

[Vendor Advisory] http://www.vmware.com/download/esx/esx-213-200610-patch.html

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006-05-31.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0580.html

[Vendor Advisory] http://www.vmware.com/download/esx/esx-254-200610-patch.html

[Third Party Advisory] http://secunia.com/advisories/19357

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451404/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/20398

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451417/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17203

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451419/100/200/threaded

[Mailing List] http://marc.info/?l=linux-netdev&m=114148078223594&w=2

Scores

EPSS 0.0017

EPSS Percentile 38.4%

Details

Status published

Products (1)

linux/linux_kernel 2.4.0

Published Mar 21, 2006

Tracked Since Feb 18, 2026