FreeBSD Local Security Checks : avahi -- denial of service

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.69366

Category: FreeBSD Local Security Checks

Title: avahi -- denial of service

Summary: avahi -- denial of service

Description: The remote host is missing an update to the system
as announced in the referenced advisory.

The following packages are affected:
avahi
avahi-app
avahi-autoipd
avahi-gtk
avahi-libdns
avahi-qt3
avahi-qt4
avahi-sharp

CVE-2011-1002
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows
remote attackers to cause a denial of service (infinite loop) via an
empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2010-2244.

CVE-2010-2244
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in
Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of
service (assertion failure and daemon exit) via a DNS packet with an
invalid checksum followed by a DNS packet with a valid checksum, a
different vulnerability than CVE-2008-5081.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://secunia.com/advisories/43361/
https://bugzilla.redhat.com/show_bug.cgi?id=667187
http://www.vuxml.org/freebsd/8b986a05-4dbe-11e0-8b9a-02e0184b8d35.html

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1002
http://openwall.com/lists/oss-security/2011/02/18/1
http://openwall.com/lists/oss-security/2011/02/18/4
http://www.openwall.com/lists/oss-security/2011/02/22/9
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
Debian Security Information: DSA-2174 (Google Search)
http://www.debian.org/security/2011/dsa-2174
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0436.html
http://www.redhat.com/support/errata/RHSA-2011-0779.html
http://ubuntu.com/usn/usn-1084-1
BugTraq ID: 46446
http://www.securityfocus.com/bid/46446
http://osvdb.org/70948
http://secunia.com/advisories/43361
http://secunia.com/advisories/43465
http://secunia.com/advisories/43605
http://secunia.com/advisories/43673
http://secunia.com/advisories/44131
http://www.vupen.com/english/advisories/2011/0448
http://www.vupen.com/english/advisories/2011/0499
http://www.vupen.com/english/advisories/2011/0511
http://www.vupen.com/english/advisories/2011/0565
http://www.vupen.com/english/advisories/2011/0601
http://www.vupen.com/english/advisories/2011/0670
http://www.vupen.com/english/advisories/2011/0969
XForce ISS Database: avahi-udp-dos(65524)
http://xforce.iss.net/xforce/xfdb/65524
XForce ISS Database: avahi-udp-packet-dos(65525)
http://xforce.iss.net/xforce/xfdb/65525
Common Vulnerability Exposure (CVE) ID: CVE-2010-2244
http://www.openwall.com/lists/oss-security/2010/06/23/4
http://marc.info/?l=oss-security&m=127748459505200&w=2
Debian Security Information: DSA-2086 (Google Search)
http://www.debian.org/security/2010/dsa-2086
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
http://www.securitytracker.com/id?1024200

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.69366
Category:	FreeBSD Local Security Checks
Title:	avahi -- denial of service
Summary:	avahi -- denial of service
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: avahi avahi-app avahi-autoipd avahi-gtk avahi-libdns avahi-qt3 avahi-qt4 avahi-sharp CVE-2011-1002 avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. CVE-2010-2244 The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/43361/ https://bugzilla.redhat.com/show_bug.cgi?id=667187 http://www.vuxml.org/freebsd/8b986a05-4dbe-11e0-8b9a-02e0184b8d35.html
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 http://openwall.com/lists/oss-security/2011/02/18/1 http://openwall.com/lists/oss-security/2011/02/18/4 http://www.openwall.com/lists/oss-security/2011/02/22/9 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ Debian Security Information: DSA-2174 (Google Search) http://www.debian.org/security/2011/dsa-2174 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 http://www.redhat.com/support/errata/RHSA-2011-0436.html http://www.redhat.com/support/errata/RHSA-2011-0779.html http://ubuntu.com/usn/usn-1084-1 BugTraq ID: 46446 http://www.securityfocus.com/bid/46446 http://osvdb.org/70948 http://secunia.com/advisories/43361 http://secunia.com/advisories/43465 http://secunia.com/advisories/43605 http://secunia.com/advisories/43673 http://secunia.com/advisories/44131 http://www.vupen.com/english/advisories/2011/0448 http://www.vupen.com/english/advisories/2011/0499 http://www.vupen.com/english/advisories/2011/0511 http://www.vupen.com/english/advisories/2011/0565 http://www.vupen.com/english/advisories/2011/0601 http://www.vupen.com/english/advisories/2011/0670 http://www.vupen.com/english/advisories/2011/0969 XForce ISS Database: avahi-udp-dos(65524) http://xforce.iss.net/xforce/xfdb/65524 XForce ISS Database: avahi-udp-packet-dos(65525) http://xforce.iss.net/xforce/xfdb/65525 Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 http://www.openwall.com/lists/oss-security/2010/06/23/4 http://marc.info/?l=oss-security&m=127748459505200&w=2 Debian Security Information: DSA-2086 (Google Search) http://www.debian.org/security/2010/dsa-2086 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 http://www.securitytracker.com/id?1024200
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com