CVE-2011-1002

Severity

50%

Complexity

99%

Confidentiality

48%

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Avahi

First reported 14 years ago

2011-02-22 19:00:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

Avahi 0.1

0.1

Avahi 0.2

0.2

Avahi 0.3

0.3

Avahi 0.4

0.4

Avahi 0.5

0.5

Avahi 0.5.1

0.5.1

Avahi 0.5.2

0.5.2

Avahi 0.6.1

0.6.1

Avahi 0.6.2

0.6.2

Avahi 0.6.3

0.6.3

Avahi 0.6.4

0.6.4

Avahi 0.6.5

0.6.5

Avahi 0.6.6

0.6.6

Avahi 0.6.7

0.6.7

Avahi 0.6.8

0.6.8

Avahi 0.6.9

0.6.9

Avahi 0.6.10

0.6.10

Avahi 0.6.11

0.6.11

Avahi 0.6.12

0.6.12

Avahi 0.6.13

0.6.13

Avahi 0.6.14

0.6.14

Avahi 0.6.15

0.6.15

Avahi 0.6.16

0.6.16

Avahi 0.6.17

0.6.17

Avahi 0.6.18

0.6.18

Avahi 0.6.19

0.6.19

Avahi 0.6.20

0.6.20

Avahi 0.6.21

0.6.21

Avahi 0.6.22

0.6.22

Avahi 0.6.23

0.6.23

Avahi 0.6.24

0.6.24

Avahi 0.6.25

0.6.25

Avahi 0.6.26

0.6.26

Avahi 0.6.27

0.6.27

References

http://avahi.org/ticket/325

http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6

Patch

FEDORA-2011-3033

SUSE-SR:2011:005

[oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP

[oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP

70948

43361

Vendor Advisory

43465

43605

43673

44131

USN-1084-1

DSA-2174

MDVSA-2011:037

MDVSA-2011:040

[oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP

RHSA-2011:0436

RHSA-2011:0779

46446

ADV-2011-0448

Vendor Advisory

ADV-2011-0499

Vendor Advisory

ADV-2011-0511

ADV-2011-0565

ADV-2011-0601

ADV-2011-0670

ADV-2011-0969

http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/

https://bugzilla.redhat.com/show_bug.cgi?id=667187

avahi-udp-dos(65524)

avahi-udp-packet-dos(65525)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.