Unrated severityNVD Advisory· Published Nov 14, 2006· Updated Apr 23, 2026

CVE-2006-5461

Description

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

Affected products

Avahi/Avahi
cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
Range: <=0.6.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/22807nvdPatchVendor Advisory
secunia.com/advisories/22852nvdPatchVendor Advisory
avahi.org/milestone/Avahi%200.6.15nvd
secunia.com/advisories/22932nvd
secunia.com/advisories/23020nvd
secunia.com/advisories/23042nvd
securitytracker.com/idnvd
www.gentoo.org/security/en/glsa/glsa-200611-13.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2006_26_sr.htmlnvd
www.securityfocus.com/bid/21016nvd
www.vupen.com/english/advisories/2006/4474nvd
exchange.xforce.ibmcloud.com/vulnerabilities/30207nvd
tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.htmlnvd
usn.ubuntu.com/380-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000