CVE ID:	CVE-2011-1002
Description:	avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Test IDs:	1.3.6.1.4.1.25623.1.0.840608   1.3.6.1.4.1.25623.1.0.69066   1.3.6.1.4.1.25623.1.0.122195   1.3.6.1.4.1.25623.1.0.122169   1.3.6.1.4.1.25623.1.0.831342   1.3.6.1.4.1.25623.1.0.69366   1.3.6.1.4.1.25623.1.0.69108   1.3.6.1.4.1.25623.1.0.70206   1.3.6.1.4.1.25623.1.0.69144   1.3.6.1.4.1.25623.1.0.69272
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 43361 http://secunia.com/advisories/43361 43465 http://secunia.com/advisories/43465 43605 http://secunia.com/advisories/43605 43673 http://secunia.com/advisories/43673 44131 http://secunia.com/advisories/44131 46446 http://www.securityfocus.com/bid/46446 70948 http://osvdb.org/70948 ADV-2011-0448 http://www.vupen.com/english/advisories/2011/0448 ADV-2011-0499 http://www.vupen.com/english/advisories/2011/0499 ADV-2011-0511 http://www.vupen.com/english/advisories/2011/0511 ADV-2011-0565 http://www.vupen.com/english/advisories/2011/0565 ADV-2011-0601 http://www.vupen.com/english/advisories/2011/0601 ADV-2011-0670 http://www.vupen.com/english/advisories/2011/0670 ADV-2011-0969 http://www.vupen.com/english/advisories/2011/0969 DSA-2174 http://www.debian.org/security/2011/dsa-2174 FEDORA-2011-3033 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 MDVSA-2011:040 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 RHSA-2011:0436 http://www.redhat.com/support/errata/RHSA-2011-0436.html RHSA-2011:0779 http://www.redhat.com/support/errata/RHSA-2011-0779.html SUSE-SR:2011:005 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html USN-1084-1 http://ubuntu.com/usn/usn-1084-1 [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/1 [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP http://openwall.com/lists/oss-security/2011/02/18/4 [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP http://www.openwall.com/lists/oss-security/2011/02/22/9 avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 http://avahi.org/ticket/325 http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ https://bugzilla.redhat.com/show_bug.cgi?id=667187 https://bugzilla.redhat.com/show_bug.cgi?id=667187