| CNNVD-ID编号 | CNNVD-200611-210 |
| CVE编号 | CVE-2006-5461 |
| 发布时间 | 2006-11-14 |
| 更新时间 | 2007-01-10 |
| 漏洞类型 | 访问验证错误 |
| 漏洞来源 | Steve Grubb discovered this issue. |
| 危险等级 | 低危 |
| 威胁类型 | 本地 |
| 厂 商 | avahi |
Avahid本未验证netlink消息的发送方身份以确认消息是来自内核而非其他进程,本地用户可借此来哄骗网络转变到Avahi。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Avahi Avahi 0.5.2
Ubuntu avahi-daemon_0.5.2-1ubuntu1.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.2_i386.deb
Ubuntu avahi-daemon_0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.2_powerpc.deb
Ubuntu avahi-daemon_0.5.2-1ubuntu1.3_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.3_amd64.deb
Ubuntu avahi-daemon_0.5.2-1ubuntu1.3_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.3_i386.deb
Ubuntu avahi-daemon_0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.3_powerpc.deb
Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.2_i386.deb
Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.3_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.3_amd64.deb
Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.3_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.3_i386.deb
Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu avahi-utils_0.5.2-1ubuntu1.3_all.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-utils_0. 5.2-1ubuntu1.3_all.deb
Ubuntu libavahi-cil_0.5.2-1ubuntu1.3_all.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-cil_0 .5.2-1ubuntu1.3_all.deb
Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.2_i386.deb
Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.3_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.3_amd64.deb
Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.3_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.3_i386.deb
Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu libavahi-client1_0.5.2-1ubuntu1.2_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.2_amd64.deb
Ubuntu libavahi-client1_0.5.2-1ubuntu1.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.2_i386.deb
Ubuntu libavahi-client1_0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.2_powerpc.deb
Ubuntu libavahi-client1_0.5.2-1ubuntu1.3_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.3_amd64.deb
Ubuntu libavahi-client1_0.5.2-1ubuntu1.3_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.3_i386.deb
Ubuntu libavahi-client1_0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.3_powerpc.deb
Ubuntu libavahi-common-dev_0.5.2-1ubuntu1.2_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-commo n-dev_0.5.2-1ubuntu1.2_amd64.deb
Ubuntu libavahi-common-dev_0.5.2-1ubuntu1.2_i38
来源: USN-380-1
名称: USN-380-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-380-1
来源: SECUNIA
名称: 22852
来源: SECUNIA
名称: 22807
来源: MLIST
名称: [avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages
链接:https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
来源: XF
名称: avahi-netlink-security-bypass(30207)
来源: BID
名称: 21016
来源: SUSE
名称: SUSE-SR:2006:026
链接:http://www.novell.com/linux/security/advisories/2006_26_sr.html
来源: MANDRIVA
名称: MDKSA-2006:215
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
来源: GENTOO
名称: GLSA-200611-13
链接:http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
来源: VUPEN
名称: ADV-2006-4474
来源: SECTRACK
名称: 1017257
来源: SECUNIA
名称: 23042
来源: SECUNIA
名称: 23020
来源: MANDRIVA
名称: MDKSA-2006:215
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:215
来源: avahi.org