avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Redhat
  • Enterprise Linux
Canonical
  • Ubuntu Linux
Fedoraproject
  • Fedora
Debian
  • Debian Linux
Avahi
  • Avahi

Configuration 1 [-]

OR cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.1:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.2:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.3:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.4:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.5:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.16:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.17:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.18:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.19:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.20:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.21:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.22:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.23:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.24:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.25:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.26:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.27:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
References
Link Resource
http://avahi.org/ticket/325 Broken Link
http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html Third Party Advisory
http://openwall.com/lists/oss-security/2011/02/18/1 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/02/18/4 Mailing List Third Party Advisory
http://osvdb.org/70948 Broken Link
http://secunia.com/advisories/43361 Broken Link Vendor Advisory
http://secunia.com/advisories/43465 Broken Link
http://secunia.com/advisories/43605 Broken Link
http://secunia.com/advisories/43673 Broken Link
http://secunia.com/advisories/44131 Broken Link
http://ubuntu.com/usn/usn-1084-1 Third Party Advisory
http://www.debian.org/security/2011/dsa-2174 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 Broken Link
http://www.openwall.com/lists/oss-security/2011/02/22/9 Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0436.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0779.html Broken Link
http://www.securityfocus.com/bid/46446 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0448 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0499 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0511 Broken Link
http://www.vupen.com/english/advisories/2011/0565 Broken Link
http://www.vupen.com/english/advisories/2011/0601 Broken Link
http://www.vupen.com/english/advisories/2011/0670 Broken Link
http://www.vupen.com/english/advisories/2011/0969 Broken Link
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=667187 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-02-22T18:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1002

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2011-02-22T19:00:02.503

Modified: 2023-12-22T18:19:10.320

Link: CVE-2011-1002

JSON object: View

cve-icon Redhat Information

No data.

CWE