Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1002

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1002
Last Modified 11 Feb 2014 11:27:34
Published 22 Feb 2011 02:00:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1002

Summary

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Vulnerable Systems

Application

  • Avahi 0.1

  • Avahi 0.2

  • Avahi 0.3

  • Avahi 0.4

  • Avahi 0.5

  • Avahi 0.5.1

  • Avahi 0.5.2

  • Avahi 0.6.1

  • Avahi 0.6.10

  • Avahi 0.6.11

  • Avahi 0.6.12

  • Avahi 0.6.13

  • Avahi 0.6.14

  • Avahi 0.6.15

  • Avahi 0.6.16

  • Avahi 0.6.17

  • Avahi 0.6.18

  • Avahi 0.6.19

  • Avahi 0.6.2

  • Avahi 0.6.20

  • Avahi 0.6.21

  • Avahi 0.6.22

  • Avahi 0.6.23

  • Avahi 0.6.24

  • Avahi 0.6.25

  • Avahi 0.6.26

  • Avahi 0.6.27

  • Avahi 0.6.28

  • Avahi 0.6.3

  • Avahi 0.6.4

  • Avahi 0.6.5

  • Avahi 0.6.6

  • Avahi 0.6.7

  • Avahi 0.6.8

  • Avahi 0.6.9


References

CONFIRM - http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=667187

MISC - http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/

XF - avahi-udp-packet-dos(65525)

XF - avahi-udp-dos(65524)

VUPEN - ADV-2011-0969

VUPEN - ADV-2011-0670

VUPEN - ADV-2011-0601

VUPEN - ADV-2011-0565

VUPEN - ADV-2011-0511

VUPEN - ADV-2011-0499

VUPEN - ADV-2011-0448

BID - 46446

REDHAT - RHSA-2011:0779

REDHAT - RHSA-2011:0436

MLIST - [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP

MANDRIVA - MDVSA-2011:040

MANDRIVA - MDVSA-2011:037

DEBIAN - DSA-2174

UBUNTU - USN-1084-1

SECUNIA - 44131

SECUNIA - 43673

SECUNIA - 43605

SECUNIA - 43465

SECUNIA - 43361

OSVDB - 70948

MLIST - [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP

MLIST - [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP

FEDORA - FEDORA-2011-3033

CONFIRM - http://avahi.org/ticket/325

SUSE - SUSE-SR:2011:005


Last Updated: 27 May 2016 11:04:26