Key Vulnerability Information

Vulnerability Identifiers
CVE ID: CVE-2006-1342
CVSS 2.5
- Access Vector: Local
- Access Complexity: Low
- Authentication: Not Required
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None

Vulnerability Description
The Linux kernel did not properly clear sockaddr_in.sin_zero prior to returning IPv4 socket names from the getsockopt(), getsockname(), getpeername(), and accept() functions. This would result in 6 bytes of kernel memory being leaked to userspace, allowing a local attacker to possibly obtain sensitive information.

Consequences
Obtain Information

Solution
Upgrade to the latest version of the Linux kernel (2.6.16.19 or later), available from the Linux Kernel Archives. See the references.

Affected Products
- Linux Kernel 2.4.3
- Linux Kernel 2.4.4
- Linux Kernel 2.4.5
- Linux Kernel 2.4.6

Dependent Products
- Canonical Ubuntu 5.04
- Debian Debian Linux 3.1
- MandrakeSoft Mandrake Linux 2006

External Links
- BID-17203
- CVE-2006-1342
- linux-netdev Mailing List, 2006-03-04 13:53:16
- The Linux Kernel Archives
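The bug class described above, shown as a user-space simulation of the missing and the corrected clearing of sin_zero. This is an added example, not the kernel's code or the actual patch; the function names, the 0xAA stale-data marker and the sample address and port are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Constructed stand-in for stale data left in a kernel-side buffer. */
#define STALE_BYTE 0xAA

/* "Before" pattern: only the meaningful fields are written, so sin_zero
 * keeps whatever the buffer held previously. */
static void fill_name_unsafe(struct sockaddr_in *sin, uint32_t addr_be,
                             uint16_t port_be)
{
    sin->sin_family = AF_INET;
    sin->sin_port = port_be;
    sin->sin_addr.s_addr = addr_be;
}

/* "After" pattern: same fields, plus explicit clearing of the padding. */
static void fill_name_safe(struct sockaddr_in *sin, uint32_t addr_be,
                           uint16_t port_be)
{
    fill_name_unsafe(sin, addr_be, port_be);
    memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
}

/* Defensive check: number of non-zero bytes in the padding field. */
size_t count_nonzero_padding(const struct sockaddr_in *sin)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(sin->sin_zero); i++)
        if (sin->sin_zero[i] != 0)
            n++;
    return n;
}

/* Simulates returning a socket name: the struct is built in a buffer that
 * holds stale data, then copied whole to the caller's buffer. Returns how
 * many stale padding bytes the caller receives. */
size_t leaked_padding_bytes(int hardened)
{
    struct sockaddr_in kernel_side, user_side;
    memset(&kernel_side, STALE_BYTE, sizeof(kernel_side)); /* stale contents */
    if (hardened)
        fill_name_safe(&kernel_side, htonl(INADDR_LOOPBACK), htons(8080));
    else
        fill_name_unsafe(&kernel_side, htonl(INADDR_LOOPBACK), htons(8080));
    memcpy(&user_side, &kernel_side, sizeof(user_side)); /* copy to caller */
    return count_nonzero_padding(&user_side);
}
```

count_nonzero_padding() can also be applied to the structure filled in by a real getsockname() or getpeername() call to confirm that a given kernel returns a cleared sin_zero.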