Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-1588 | First vendor Publication | 2006-04-03 |
| Vendor | Cve | Last vendor Modification | 2017-07-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1588 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 24262 | NetBSD if_bridge(4) Function Arbitrary Kernel Memory Disclosure NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when 'ioctl' calls are made on Ethernet bridge interfaces. The operating system's kernel will not fully zero out temporary stack memory to hold the results of the 'ioctl' call which could disclose kernel stack memory to the calling process, resulting in a loss of confidentiality. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:03:52 |
|
| 2021-04-22 01:04:25 |
|
| 2020-05-23 00:17:36 |
|
| 2017-07-20 09:23:28 |
|
| 2016-06-28 15:42:45 |
|
| 2016-04-26 14:28:13 |
|
| 2013-05-11 10:53:02 |
|
