{"api_version":"1","generated_at":"2026-04-23T04:08:49+00:00","cve":"CVE-2006-5461","urls":{"html":"https://cve.report/CVE-2006-5461","api":"https://cve.report/api/cve/CVE-2006-5461.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-5461","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-5461"},"summary":{"title":"CVE-2006-5461","description":"Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.","state":"PUBLISHED","assigner":"redhat","published_at":"2006-11-14 22:07:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"2.1","severity":"","vector":"AV:L/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30207","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30207","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22807","name":"http://secunia.com/advisories/22807","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Avahi \"netlink\" Message Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:215","name":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:215","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017257","name":"http://securitytracker.com/id?1017257","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Avahi Lets Remote Users Manipulate the Service By Spoofing Netlink Messages - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2006_26_sr.html","name":"http://www.novell.com/linux/security/advisories/2006_26_sr.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/23042","name":"http://secunia.com/advisories/23042","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo update for avahi - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://avahi.org/milestone/Avahi%200.6.15","name":"http://avahi.org/milestone/Avahi%200.6.15","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Milestone Avahi 0.6.15 - Avahi - Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/22852","name":"http://secunia.com/advisories/22852","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Ubuntu update for avahi - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Avahi: \"netlink\" message vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html","name":"https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"http://0pointer.net/","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/4474","name":"http://www.vupen.com/english/advisories/2006/4474","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23020","name":"http://secunia.com/advisories/23020","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Mandriva update for avahi - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/380-1/","name":"https://usn.ubuntu.com/380-1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-380-1: Avahi vulnerability | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21016","name":"http://www.securityfocus.com/bid/21016","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Avahi Unauthorized Data Manipulation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/22932","name":"http://secunia.com/advisories/22932","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SUSE Update for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-5461","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-5461","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"5461","vulnerable":"1","versionEndIncluding":"0.6.14","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avahi","cpe5":"avahi","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T19:48:30.555Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"22932","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/22932"},{"name":"23042","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23042"},{"name":"SUSE-SR:2006:026","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://www.novell.com/linux/security/advisories/2006_26_sr.html"},{"name":"22852","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/22852"},{"name":"USN-380-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/380-1/"},{"name":"ADV-2006-4474","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/4474"},{"name":"23020","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23020"},{"name":"22807","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/22807"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://avahi.org/milestone/Avahi%200.6.15"},{"name":"1017257","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1017257"},{"name":"[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html"},{"name":"MDKSA-2006:215","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:215"},{"name":"avahi-netlink-security-bypass(30207)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30207"},{"name":"GLSA-200611-13","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml"},{"name":"21016","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/21016"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-11-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-03T20:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"22932","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/22932"},{"name":"23042","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23042"},{"name":"SUSE-SR:2006:026","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://www.novell.com/linux/security/advisories/2006_26_sr.html"},{"name":"22852","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/22852"},{"name":"USN-380-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/380-1/"},{"name":"ADV-2006-4474","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/4474"},{"name":"23020","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23020"},{"name":"22807","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/22807"},{"tags":["x_refsource_CONFIRM"],"url":"http://avahi.org/milestone/Avahi%200.6.15"},{"name":"1017257","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1017257"},{"name":"[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages","tags":["mailing-list","x_refsource_MLIST"],"url":"https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html"},{"name":"MDKSA-2006:215","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:215"},{"name":"avahi-netlink-security-bypass(30207)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30207"},{"name":"GLSA-200611-13","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml"},{"name":"21016","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/21016"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2006-5461","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"22932","refsource":"SECUNIA","url":"http://secunia.com/advisories/22932"},{"name":"23042","refsource":"SECUNIA","url":"http://secunia.com/advisories/23042"},{"name":"SUSE-SR:2006:026","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/2006_26_sr.html"},{"name":"22852","refsource":"SECUNIA","url":"http://secunia.com/advisories/22852"},{"name":"USN-380-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/380-1/"},{"name":"ADV-2006-4474","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/4474"},{"name":"23020","refsource":"SECUNIA","url":"http://secunia.com/advisories/23020"},{"name":"22807","refsource":"SECUNIA","url":"http://secunia.com/advisories/22807"},{"name":"http://avahi.org/milestone/Avahi%200.6.15","refsource":"CONFIRM","url":"http://avahi.org/milestone/Avahi%200.6.15"},{"name":"1017257","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017257"},{"name":"[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages","refsource":"MLIST","url":"https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html"},{"name":"MDKSA-2006:215","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:215"},{"name":"avahi-netlink-security-bypass(30207)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30207"},{"name":"GLSA-200611-13","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml"},{"name":"21016","refsource":"BID","url":"http://www.securityfocus.com/bid/21016"}]}}}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2006-5461","datePublished":"2006-11-14T22:00:00.000Z","dateReserved":"2006-10-23T00:00:00.000Z","dateUpdated":"2024-08-07T19:48:30.555Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-11-14 22:07:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.14","matchCriteriaId":"24BA0FDC-4017-43B5-8CE7-980C1A1F1033"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"5461","Ordinal":"1","Title":"CVE-2006-5461","CVE":"CVE-2006-5461","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"5461","Ordinal":"1","NoteData":"Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.","Type":"Description","Title":"CVE-2006-5461"},{"CveYear":"2006","CveId":"5461","Ordinal":"2","NoteData":"2006-11-14","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"5461","Ordinal":"3","NoteData":"2018-10-03","Type":"Other","Title":"Modified"}]}}}