CentOS Local Security Checks : CentOS Update for avahi CESA-2011:0436 centos5 i386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880557

Categoría: CentOS Local Security Checks

Título: CentOS Update for avahi CESA-2011:0436 centos5 i386

Resumen: The remote host is missing an update for the 'avahi'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'avahi'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with an empty payload. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)

All users are advised to upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update,
avahi-daemon will be restarted automatically.

Affected Software/OS:
avahi on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1002
43361
http://secunia.com/advisories/43361
43465
http://secunia.com/advisories/43465
43605
http://secunia.com/advisories/43605
43673
http://secunia.com/advisories/43673
44131
http://secunia.com/advisories/44131
46446
http://www.securityfocus.com/bid/46446
70948
http://osvdb.org/70948
ADV-2011-0448
http://www.vupen.com/english/advisories/2011/0448
ADV-2011-0499
http://www.vupen.com/english/advisories/2011/0499
ADV-2011-0511
http://www.vupen.com/english/advisories/2011/0511
ADV-2011-0565
http://www.vupen.com/english/advisories/2011/0565
ADV-2011-0601
http://www.vupen.com/english/advisories/2011/0601
ADV-2011-0670
http://www.vupen.com/english/advisories/2011/0670
ADV-2011-0969
http://www.vupen.com/english/advisories/2011/0969
DSA-2174
http://www.debian.org/security/2011/dsa-2174
FEDORA-2011-3033
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
MDVSA-2011:037
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
MDVSA-2011:040
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
RHSA-2011:0436
http://www.redhat.com/support/errata/RHSA-2011-0436.html
RHSA-2011:0779
http://www.redhat.com/support/errata/RHSA-2011-0779.html
SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
USN-1084-1
http://ubuntu.com/usn/usn-1084-1
[oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP
http://openwall.com/lists/oss-security/2011/02/18/1
[oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP
http://openwall.com/lists/oss-security/2011/02/18/4
[oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP
http://www.openwall.com/lists/oss-security/2011/02/22/9
avahi-udp-dos(65524)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
avahi-udp-packet-dos(65525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
http://avahi.org/ticket/325
http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
https://bugzilla.redhat.com/show_bug.cgi?id=667187
Common Vulnerability Exposure (CVE) ID: CVE-2010-2244
1024200
http://www.securitytracker.com/id?1024200
DSA-2086
http://www.debian.org/security/2010/dsa-2086
FEDORA-2010-10581
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
FEDORA-2010-10584
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
MDVSA-2010:204
http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
[oss-security] 20100623 CVE Request: avahi DoS
http://www.openwall.com/lists/oss-security/2010/06/23/4
[oss-security] 20100625 Re: CVE Request: avahi DoS
http://marc.info/?l=oss-security&m=127748459505200&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=607293

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880557
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for avahi CESA-2011:0436 centos5 i386
Resumen:	The remote host is missing an update for the 'avahi'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'avahi' package(s) announced via the referenced advisory. Vulnerability Insight: Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, avahi-daemon will be restarted automatically. Affected Software/OS: avahi on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 43361 http://secunia.com/advisories/43361 43465 http://secunia.com/advisories/43465 43605 http://secunia.com/advisories/43605 43673 http://secunia.com/advisories/43673 44131 http://secunia.com/advisories/44131 46446 http://www.securityfocus.com/bid/46446 70948 http://osvdb.org/70948 ADV-2011-0448 http://www.vupen.com/english/advisories/2011/0448 ADV-2011-0499 http://www.vupen.com/english/advisories/2011/0499 ADV-2011-0511 http://www.vupen.com/english/advisories/2011/0511 ADV-2011-0565 http://www.vupen.com/english/advisories/2011/0565 ADV-2011-0601 http://www.vupen.com/english/advisories/2011/0601 ADV-2011-0670 http://www.vupen.com/english/advisories/2011/0670 ADV-2011-0969 http://www.vupen.com/english/advisories/2011/0969 DSA-2174 http://www.debian.org/security/2011/dsa-2174 FEDORA-2011-3033 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 MDVSA-2011:040 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 RHSA-2011:0436 http://www.redhat.com/support/errata/RHSA-2011-0436.html RHSA-2011:0779 http://www.redhat.com/support/errata/RHSA-2011-0779.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1084-1 http://ubuntu.com/usn/usn-1084-1 [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/1 [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/4 [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP http://www.openwall.com/lists/oss-security/2011/02/22/9 avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ https://bugzilla.redhat.com/show_bug.cgi?id=667187 Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 1024200 http://www.securitytracker.com/id?1024200 DSA-2086 http://www.debian.org/security/2010/dsa-2086 FEDORA-2010-10581 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html FEDORA-2010-10584 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html MDVSA-2010:204 http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 [oss-security] 20100623 CVE Request: avahi DoS http://www.openwall.com/lists/oss-security/2010/06/23/4 [oss-security] 20100625 Re: CVE Request: avahi DoS http://marc.info/?l=oss-security&m=127748459505200&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=607293
Copyright	Copyright (C) 2011 Greenbone AG