← back
CVE-2006-1343

CVE-2006-1343

EPSS 0.4%
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=linux-netdev&m=114148078223594&w=2http://secunia.com/advisories/19357http://secunia.com/advisories/19955http://secunia.com/advisories/20671http://secunia.com/advisories/21045http://secunia.com/advisories/21136http://secunia.com/advisories/21465http://secunia.com/advisories/21983http://secunia.com/advisories/22093http://secunia.com/advisories/22417http://secunia.com/advisories/22875https://exchange.xforce.ibmcloud.com/vulnerabilities/25425