Kaspersky LabKLA10074KLA10074 Multiple vulnerabilities in Apple Bonjour
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
84.4%
Multiple serious vulnerabilities have been found in Apple Bonjour. Malicious users can exploit these vulnerabilities to spoof DNS responses or cause denial of service Below is a complete list of vulnerabilities
- Not exploiting random transaction ID’s can be exploited remotely by spoofing DNS responses;
- Vectors related to mDNSResponder can be exploited via a specially designed .local domain.
Original advisories
Related products
CVE list
CVE-2008-2326 critical
Solution
Update to latest version
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Apple Bonjour versions 1.0.4 and earlier for Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
84.4%