English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69366
Category:FreeBSD Local Security Checks
Title:avahi -- denial of service
Summary:avahi -- denial of service
Description:The remote host is missing an update to the system
as announced in the referenced advisory.

The following packages are affected:
avahi
avahi-app
avahi-autoipd
avahi-gtk
avahi-libdns
avahi-qt3
avahi-qt4
avahi-sharp

CVE-2011-1002
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows
remote attackers to cause a denial of service (infinite loop) via an
empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2010-2244.

CVE-2010-2244
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in
Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of
service (assertion failure and daemon exit) via a DNS packet with an
invalid checksum followed by a DNS packet with a valid checksum, a
different vulnerability than CVE-2008-5081.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://secunia.com/advisories/43361/
https://bugzilla.redhat.com/show_bug.cgi?id=667187
http://www.vuxml.org/freebsd/8b986a05-4dbe-11e0-8b9a-02e0184b8d35.html
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1002
http://openwall.com/lists/oss-security/2011/02/18/1
http://openwall.com/lists/oss-security/2011/02/18/4
http://www.openwall.com/lists/oss-security/2011/02/22/9
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
Debian Security Information: DSA-2174 (Google Search)
http://www.debian.org/security/2011/dsa-2174
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0436.html
http://www.redhat.com/support/errata/RHSA-2011-0779.html
http://ubuntu.com/usn/usn-1084-1
BugTraq ID: 46446
http://www.securityfocus.com/bid/46446
http://osvdb.org/70948
http://secunia.com/advisories/43361
http://secunia.com/advisories/43465
http://secunia.com/advisories/43605
http://secunia.com/advisories/43673
http://secunia.com/advisories/44131
http://www.vupen.com/english/advisories/2011/0448
http://www.vupen.com/english/advisories/2011/0499
http://www.vupen.com/english/advisories/2011/0511
http://www.vupen.com/english/advisories/2011/0565
http://www.vupen.com/english/advisories/2011/0601
http://www.vupen.com/english/advisories/2011/0670
http://www.vupen.com/english/advisories/2011/0969
XForce ISS Database: avahi-udp-dos(65524)
http://xforce.iss.net/xforce/xfdb/65524
XForce ISS Database: avahi-udp-packet-dos(65525)
http://xforce.iss.net/xforce/xfdb/65525
Common Vulnerability Exposure (CVE) ID: CVE-2010-2244
http://www.openwall.com/lists/oss-security/2010/06/23/4
http://marc.info/?l=oss-security&m=127748459505200&w=2
Debian Security Information: DSA-2086 (Google Search)
http://www.debian.org/security/2010/dsa-2086
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
http://www.securitytracker.com/id?1024200
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.