Lucene search

K

Gentoo FoundationGLSA-200901-11

HistoryJan 14, 2009 - 12:00 a.m.

Avahi: Denial of service

2009-01-1400:00:00

Gentoo Foundation

security.gentoo.org

17

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.955

Percentile

99.4%

Background

Avahi is a system that facilitates service discovery on a local network.

Description

Hugo Dias reported a failed assertion in the originates_from_local_legacy_unicast_socket() function in avahi-core/server.c when processing mDNS packets with a source port of 0.

Impact

A remote attacker could send specially crafted packets to the daemon, leading to its crash.

Workaround

There is no known workaround at this time.

Resolution

All Avahi users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-dns/avahi-0.6.24"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-dns/avahi< 0.6.24UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.955

Percentile

99.4%

Related for GLSA-200901-11

openvas30 metasploit1 oraclelinux1 nessus14 cvelist2 fedora1 cve2 nvd2 centos1 packetstorm1 prion2 exploitpack1 ubuntucve2 seebug2 redhat1 securityvulns2 debiancve2 zdt1 exploitdb1 osv2 debian1 ubuntu1