CVE-2006-1342

Linux kernel <2.4 - Info Disclosure

Title source: llm

Description

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pavel Kankovsky · clocallinux

https://www.exploit-db.com/exploits/27461

View Code ZIP pw:eip

References (18)

[Mailing List] http://marc.info/?l=linux-netdev&m=114148078223594&w=2

[Vendor Advisory] http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0579.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0580.html

[Vendor Advisory] http://www.vmware.com/download/esx/esx-202-200610-patch.html

[Vendor Advisory] http://www.vmware.com/download/esx/esx-213-200610-patch.html

[Vendor Advisory] http://www.vmware.com/download/esx/esx-254-200610-patch.html

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006-05-31.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451404/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451417/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451419/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451426/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17203

[Third Party Advisory] http://secunia.com/advisories/19357

[Third Party Advisory] http://secunia.com/advisories/20398

[Third Party Advisory] http://secunia.com/advisories/21035

[Third Party Advisory] http://secunia.com/advisories/22875

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4502

Scores

EPSS 0.0017

EPSS Percentile 38.5%

Classification

Status draft

Affected Products (1)

linux/linux_kernel

Timeline

Published Mar 21, 2006

Tracked Since Feb 18, 2026