FreeBSD Local Security Checks : avahi -- denial of service

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69366

Categoría: FreeBSD Local Security Checks

Título: avahi -- denial of service

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

avahi, avahi-app, avahi-autoipd, avahi-gtk, avahi-libdns,
avahi-qt3, avahi-qt4, avahi-sharp

CVE-2011-1002
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows
remote attackers to cause a denial of service (infinite loop) via an
empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2010-2244.

CVE-2010-2244
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in
Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of
service (assertion failure and daemon exit) via a DNS packet with an
invalid checksum followed by a DNS packet with a valid checksum, a
different vulnerability than CVE-2008-5081.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1002
43361
http://secunia.com/advisories/43361
43465
http://secunia.com/advisories/43465
43605
http://secunia.com/advisories/43605
43673
http://secunia.com/advisories/43673
44131
http://secunia.com/advisories/44131
46446
http://www.securityfocus.com/bid/46446
70948
http://osvdb.org/70948
ADV-2011-0448
http://www.vupen.com/english/advisories/2011/0448
ADV-2011-0499
http://www.vupen.com/english/advisories/2011/0499
ADV-2011-0511
http://www.vupen.com/english/advisories/2011/0511
ADV-2011-0565
http://www.vupen.com/english/advisories/2011/0565
ADV-2011-0601
http://www.vupen.com/english/advisories/2011/0601
ADV-2011-0670
http://www.vupen.com/english/advisories/2011/0670
ADV-2011-0969
http://www.vupen.com/english/advisories/2011/0969
DSA-2174
http://www.debian.org/security/2011/dsa-2174
FEDORA-2011-3033
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
MDVSA-2011:037
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
MDVSA-2011:040
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
RHSA-2011:0436
http://www.redhat.com/support/errata/RHSA-2011-0436.html
RHSA-2011:0779
http://www.redhat.com/support/errata/RHSA-2011-0779.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1084-1
http://ubuntu.com/usn/usn-1084-1
[oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP
http://openwall.com/lists/oss-security/2011/02/18/1
[oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP
http://openwall.com/lists/oss-security/2011/02/18/4
[oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP
http://www.openwall.com/lists/oss-security/2011/02/22/9
avahi-udp-dos(65524)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
avahi-udp-packet-dos(65525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
http://avahi.org/ticket/325
http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
https://bugzilla.redhat.com/show_bug.cgi?id=667187
Common Vulnerability Exposure (CVE) ID: CVE-2010-2244
1024200
http://www.securitytracker.com/id?1024200
DSA-2086
http://www.debian.org/security/2010/dsa-2086
FEDORA-2010-10581
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
FEDORA-2010-10584
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
MDVSA-2010:204
http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
[oss-security] 20100623 CVE Request: avahi DoS
http://www.openwall.com/lists/oss-security/2010/06/23/4
[oss-security] 20100625 Re: CVE Request: avahi DoS
http://marc.info/?l=oss-security&m=127748459505200&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=607293

Copyright Copyright (C) 2011 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69366
Categoría:	FreeBSD Local Security Checks
Título:	avahi -- denial of service
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: avahi, avahi-app, avahi-autoipd, avahi-gtk, avahi-libdns, avahi-qt3, avahi-qt4, avahi-sharp CVE-2011-1002 avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. CVE-2010-2244 The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 43361 http://secunia.com/advisories/43361 43465 http://secunia.com/advisories/43465 43605 http://secunia.com/advisories/43605 43673 http://secunia.com/advisories/43673 44131 http://secunia.com/advisories/44131 46446 http://www.securityfocus.com/bid/46446 70948 http://osvdb.org/70948 ADV-2011-0448 http://www.vupen.com/english/advisories/2011/0448 ADV-2011-0499 http://www.vupen.com/english/advisories/2011/0499 ADV-2011-0511 http://www.vupen.com/english/advisories/2011/0511 ADV-2011-0565 http://www.vupen.com/english/advisories/2011/0565 ADV-2011-0601 http://www.vupen.com/english/advisories/2011/0601 ADV-2011-0670 http://www.vupen.com/english/advisories/2011/0670 ADV-2011-0969 http://www.vupen.com/english/advisories/2011/0969 DSA-2174 http://www.debian.org/security/2011/dsa-2174 FEDORA-2011-3033 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 MDVSA-2011:040 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 RHSA-2011:0436 http://www.redhat.com/support/errata/RHSA-2011-0436.html RHSA-2011:0779 http://www.redhat.com/support/errata/RHSA-2011-0779.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1084-1 http://ubuntu.com/usn/usn-1084-1 [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/1 [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/4 [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP http://www.openwall.com/lists/oss-security/2011/02/22/9 avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ https://bugzilla.redhat.com/show_bug.cgi?id=667187 Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 1024200 http://www.securitytracker.com/id?1024200 DSA-2086 http://www.debian.org/security/2010/dsa-2086 FEDORA-2010-10581 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html FEDORA-2010-10584 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html MDVSA-2010:204 http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 [oss-security] 20100623 CVE Request: avahi DoS http://www.openwall.com/lists/oss-security/2010/06/23/4 [oss-security] 20100625 Re: CVE Request: avahi DoS http://marc.info/?l=oss-security&m=127748459505200&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=607293
Copyright	Copyright (C) 2011 E-Soft Inc.