Vulnerabilities > CVE-2010-2244 - Unspecified vulnerability in Avahi 0.6.16/0.6.25
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-037.NASL description A vulnerability has been found and corrected in avahi : avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244 (CVE-2011-1002). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 52454 published 2011-02-25 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52454 title Mandriva Linux Security Advisory : avahi (MDVSA-2011:037) NASL family Fedora Local Security Checks NASL id FEDORA_2011-3033.NASL description Fixes CVE-2011-1002 among other smaller things Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52664 published 2011-03-15 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52664 title Fedora 15 : avahi-0.6.29-1.fc15 (2011-3033) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10584.NASL description Fix for CVE-2010-2244. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47610 published 2010-07-07 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47610 title Fedora 12 : avahi-0.6.25-7.fc12 (2010-10584) NASL family Fedora Local Security Checks NASL id FEDORA_2010-10581.NASL description Fix for CVE-2010-2244. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47609 published 2010-07-07 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47609 title Fedora 13 : avahi-0.6.25-7.fc13 (2010-10581) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8B986A054DBE11E08B9A02E0184B8D35.NASL description Avahi developers reports : A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an empty packet to port 5353/UDP. last seen 2020-06-01 modified 2020-06-02 plugin id 52666 published 2011-03-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52666 title FreeBSD : avahi -- denial of service (8b986a05-4dbe-11e0-8b9a-02e0184b8d35) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0622.NASL description Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system last seen 2020-06-01 modified 2020-06-02 plugin id 79276 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79276 title RHEL 5 : rhev-hypervisor (RHSA-2010:0622) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-17.NASL description The remote host is affected by the vulnerability described in GLSA-201110-17 (Avahi: Denial of Service) Multiple vulnerabilities have been discovered in Avahi. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56592 published 2011-10-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56592 title GLSA-201110-17 : Avahi: Denial of Service NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0528.NASL description Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 47739 published 2010-07-16 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47739 title CentOS 5 : avahi (CESA-2010:0528) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-204.NASL description A vulnerability was discovered and corrected in avahi : The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081 (CVE-2010-2244). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49989 published 2010-10-15 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49989 title Mandriva Linux Security Advisory : avahi (MDVSA-2010:204) NASL family Scientific Linux Local Security Checks NASL id SL_20100713_AVAHI_ON_SL5_X.NASL description A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) After installing the update, avahi-daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 60814 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60814 title Scientific Linux Security Update : avahi on SL5.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0528.NASL description Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 47874 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47874 title RHEL 5 : avahi (RHSA-2010:0528) NASL family Fedora Local Security Checks NASL id FEDORA_2011-11588.NASL description Fixes CVE-2011-1002. The MITRE CVE dictionary describes this issue as : avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. Find out more about CVE-2011-1002 from the MITRE CVE dictionary and NIST NVD. This also disables gtk3 support. Unfortunately gtk3 support in F14 is broken and Avahi cannot be compiled against it. Since gtk3 will not be fixed in F14 anymore and nobody uses it we instead disable it in Avahi. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56151 published 2011-09-12 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56151 title Fedora 14 : avahi-0.6.27-8.fc14 (2011-11588) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0528.NASL description From Red Hat Security Advisory 2010:0528 : Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68061 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68061 title Oracle Linux 5 : avahi (ELSA-2010-0528) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2086.NASL description Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD daemon. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0758 Rob Leslie discovered a denial of service vulnerability in the code used to reflect unicast mDNS traffic. - CVE-2010-2244 Ludwig Nussel discovered a denial of service vulnerability in the processing of malformed DNS packets. last seen 2020-06-01 modified 2020-06-02 plugin id 48248 published 2010-08-05 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48248 title Debian DSA-2086-1 : avahi - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-992-1.NASL description It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. (CVE-2009-0758) It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service. (CVE-2010-2244). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49761 published 2010-10-06 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49761 title Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : avahi vulnerabilities (USN-992-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 41075 CVE ID: CVE-2010-2244 Avahi是用于简化在本地网络中发现服务的工具。 Avahi的avahi-core/socket.c文件中的avahi_recv_dns_packet_ipv4()和 avahi_recv_dns_packet_ipv6()函数没有正确地处理畸形DNS报文,远程攻击者可以通过发送一个带有错误校验和的DNS报文之后立即跟随一个带有正确校验和的DNS报文触发assertion错误,导致服务终止。 Avahi < 0.6.26 厂商补丁: Avahi ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://avahi.org/milestone/Avahi%200.6.26 |
| id | SSV:19923 |
| last seen | 2017-11-19 |
| modified | 2010-07-08 |
| published | 2010-07-08 |
| reporter | Root |
| title | Avahi avahi-core/socket.c文件畸形DNS报文拒绝服务漏洞 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html
- http://marc.info/?l=oss-security&m=127748459505200&w=2
- http://www.debian.org/security/2010/dsa-2086
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:204
- http://www.openwall.com/lists/oss-security/2010/06/23/4
- http://www.securitytracker.com/id?1024200
- https://bugzilla.redhat.com/show_bug.cgi?id=607293