Test ID:	1.3.6.1.4.1.25623.1.0.59088
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-402-1 (avahi)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to avahi announced via advisory USN-402-1. A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: A flaw was discovered in Avahi's handling of compressed DNS packets. If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: avahi-daemon 0.5.2-1ubuntu1.4 Ubuntu 6.06 LTS: avahi-daemon 0.6.10-0ubuntu3.4 Ubuntu 6.10: avahi-daemon 0.6.13-2ubuntu2.4 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-402-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6870 BugTraq ID: 21881 http://www.securityfocus.com/bid/21881 http://fedoranews.org/cms/node/2362 http://fedoranews.org/cms/node/2408 http://www.mandriva.com/security/advisories?name=MDKSA-2007:003 http://secunia.com/advisories/23628 http://secunia.com/advisories/23644 http://secunia.com/advisories/23660 http://secunia.com/advisories/23673 http://secunia.com/advisories/23782 http://secunia.com/advisories/24995 SuSE Security Announcement: SUSE-SR:2007:007 (Google Search) http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.ubuntu.com/usn/usn-402-1 http://www.vupen.com/english/advisories/2007/0071
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.