CVE-2006-1342
CVE-2006-1342
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=linux-netdev&m=114148078223594&w=2http://secunia.com/advisories/19357http://secunia.com/advisories/20398http://secunia.com/advisories/21035http://secunia.com/advisories/22875http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2bhttp://www.novell.com/linux/security/advisories/2006-05-31.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0579.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0580.htmlhttp://www.securityfocus.com/archive/1/451404/100/0/threadedhttp://www.securityfocus.com/archive/1/451417/100/200/threadedhttp://www.securityfocus.com/archive/1/451419/100/200/threaded