CVE-2006-5461 | Vulnerability Database | Aqua Security

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

Affected Software

Name	Vendor	Start Version	End Version
Avahi	Avahi	*	0.6.14 (including)
Avahi	Ubuntu	dapper	*
Avahi	Ubuntu	edgy	*
Avahi	Ubuntu	upstream	*

References

http://avahi.org/milestone/Avahi%200.6.15
http://secunia.com/advisories/22807
http://secunia.com/advisories/22852
http://secunia.com/advisories/22932
http://secunia.com/advisories/23020
http://secunia.com/advisories/23042
http://securitytracker.com/id?1017257
http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.securityfocus.com/bid/21016
http://www.vupen.com/english/advisories/2006/4474
https://exchange.xforce.ibmcloud.com/vulnerabilities/30207
https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
https://usn.ubuntu.com/380-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5461
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html