Avahi-daemon versions prior to 0.6.24 can be DoSd with an mDNS packet with a source port of 0.
9148d8104748fb23327bdda0c398d13bd00d8494f309e5c0dd2426eaee5c8102Mandriva Linux Security Advisory 2009-031 - A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0. The updated packages have been patched to prevent this.
f15a9e069ec8d7ce72a65f22fcacbb8543a8741f2ae5a0e24cb72da05e2bcca5Gentoo Linux Security Advisory GLSA 200901-11 - A Denial of Service vulnerability has been discovered in Avahi. Hugo Dias reported a failed assertion in the originates_from_local_legacy_unicast_socket() function in avahi-core/server.c when processing mDNS packets with a source port of 0. Versions less than 0.6.24 are affected.
728f3a014d0f773b7ef89d5f2678653b123b208673730d5a49f1b6610dea17beDebian Security Advisory 1690-1 - Two denial of service conditions were discovered in avahi, a Multicast DNS implementation.
ef1a5df07104978bb17173fe99f506005c7a6bbe6cf093b6fdec41e6a73983b8Ubuntu Security Notice USN-696-1 - Emanuele Aina discovered that Avahi did not properly validate it's input when processing data over D-Bus. A local attacker could send an empty TXT message via D-Bus and cause a denial of service (failed assertion). This issue only affected Ubuntu 6.06 LTS. Hugo Dias discovered that Avahi did not properly verify it's input when processing mDNS packets. A remote attacker could send a crafted mDNS packet and cause a denial of service (assertion failure).
4ed8338613bd90bd9db4370e94dd72fdf7c7aeb5538276764c37e414ec7895f3Avahi mDNS daemon versions below 0.6.24 remote denial of service exploit.
21710acf10701ccd19d56410ec9950524c32406536eccbcb87f1aab4060bb059
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed