Test ID: | 1.3.6.1.4.1.25623.1.0.59413 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 5 FEDORA-2006-1339 (avahi) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing an update to avahi announced via advisory FEDORA-2006-1339.

Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in MacOS X (branded 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very convenient.

Update Information:

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

avahi-0.6.11-2.fc5 has applied patch which should resolve this issue.

* Tue Nov 28 2006 Martin Bacovsky - 0.6.11-2.fc5
- fix bug #216655 - CVE-2006-5461 - avahi did not verify the sender identity of netlink messages
* Mon Jul 17 2006 Jason Vas Dias - 0.6.11-1
- Upgrade to upstream version 0.6.11
- fix bug 195674: set 'use-ipv6=yes' in avahi-daemon.conf
- fix bug 197414: avahi-compat-howl and avahi-compat-dns-sd symlinks
- fix bug 198282: avahi-compat-{howl-devel,dns-sd-devel} Requires:
* Tue Jun 13 2006 Jason Vas Dias - 0.6.10-3
- rebuild for broken mono deps
* Tue Jun 6 2006 Jason Vas Dias - 0.6.10-2
- fix bug 194203: fix permissions on /var/run/avahi-daemon
* Tue May 30 2006 Jason Vas Dias - 0.6.10-1
- Upgrade to upstream version 0.6.10
- fix bug 192080: split avahi-compat-libdns_sd into separate package (same goes for avahi-compat-howl)

Solution: Apply the appropriate updates.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-1339

Risk factor : Medium
CVSS Score: 2.1 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-5461
BugTraq ID: 21016
http://www.securityfocus.com/bid/21016
http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:215
https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html
http://securitytracker.com/id?1017257
http://secunia.com/advisories/22807
http://secunia.com/advisories/22852
http://secunia.com/advisories/22932
http://secunia.com/advisories/23020
http://secunia.com/advisories/23042
SuSE Security Announcement: SUSE-SR:2006:026
http://www.novell.com/linux/security/advisories/2006_26_sr.html
https://usn.ubuntu.com/380-1/
http://www.vupen.com/english/advisories/2006/4474
XForce ISS Database: avahi-netlink-security-bypass(30207)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30207 |
Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |