CVE-2006-5461
EPSS 0.08%
Description
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
How to fix CVE-2006-5461
To remediate CVE-2006-5461, upgrade the affected package to a fixed version below.
- Debian/avahi—upgrade to 0.6.15-1 or later
Is CVE-2006-5461 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.6.15-1