CVE-2006-6653

The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").

CVSS v2.0 1.7 LOW

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc	Patch Vendor Advisory
http://securitytracker.com/id?1017293	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:netbsd:netbsd:2.0:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:current:::::::*

History

No history.

Information

Published : 2006-12-20 02:28

Updated : 2024-02-28 11:01

NVD link : CVE-2006-6653

Mitre link : CVE-2006-6653

CVE.ORG link : CVE-2006-6653

JSON object : View

Products Affected

netbsd

netbsd

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2006-6653", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-20T02:28:00.000", "references": [{"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017293", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka \"a dangling socket\")."}, {"lang": "es", "value": "La funci\u00f3n accept en NetBSD-current versiones anteriores a 20061023, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061024, y NetBSD 2.x versiones anteriores a 20061029, permite a atacantes locales provocar una denegaci\u00f3n de servicio (agotamiento de socket) a trav\u00e9s del par\u00e1metro inv\u00e1lido (1) name \u00f3 (2) namelen, que podr\u00eda resultar en un socket nunca cerrado (tambi\u00e9n conocido como \"un socket colagado (dangling)\")"}], "lastModified": "2011-07-25T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C3F588-98DA-4F6F-A083-2B9EE534C561"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9CABFAA-594C-45D7-A0C7-795872A0C68A"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F9432E9-AACA-4242-BDAB-8792ACF72C12"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:current:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F30E9234-481B-41BC-BFC2-9E9773DEE65C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product updates:\r\nNetBSD, NetBSD, current (10/23/2006)\r\nNetBSD, NetBSD, 3.0 (10/24/2006)\r\nNetBSD, NetBSD, 3.0.1 (10/24/2006) \r\nNetBSD, NetBSD, 2.0 (10/29/2006)"}