CVE-2006-1588

The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc	Vendor Advisory
http://secunia.com/advisories/19464	Vendor Advisory
http://securitytracker.com/id?1015846	Patch
http://www.osvdb.org/24262
http://www.securityfocus.com/bid/17312	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25582
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc	Vendor Advisory
http://secunia.com/advisories/19464	Vendor Advisory
http://securitytracker.com/id?1015846	Patch
http://www.osvdb.org/24262
http://www.securityfocus.com/bid/17312	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25582

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:netbsd:netbsd:1.6:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6:beta::::::
	cpe:2.3:o:netbsd:netbsd:1.6.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6.2:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.2:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.3:::::::*
	cpe:2.3:o:netbsd:netbsd:2.1:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0:::::::*

History

21 Nov 2024, 00:09

Type	Values Removed	Values Added
References	~~() ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc - Vendor Advisory~~	() ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc - Vendor Advisory
References	~~() http://secunia.com/advisories/19464 - Vendor Advisory~~	() http://secunia.com/advisories/19464 - Vendor Advisory
References	~~() http://securitytracker.com/id?1015846 - Patch~~	() http://securitytracker.com/id?1015846 - Patch
References	~~() http://www.osvdb.org/24262 -~~	() http://www.osvdb.org/24262 -
References	~~() http://www.securityfocus.com/bid/17312 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/17312 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25582 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25582 -

Information

Published : 2006-04-03 10:04

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1588

Mitre link : CVE-2006-1588

CVE.ORG link : CVE-2006-1588

JSON object : View

Products Affected

netbsd

netbsd

CWE

NVD-CWE-Other

2.1 /10