CVE-2010-2244 - Unspecified vulnerability in Avahi 0.6.16/0.6.25

CVSS: 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
network
avahi
nessus

Summary

The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.

Vulnerable Configurations

Part         Description  Count
Application  Avahi        2

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-037.NASL
    description: A vulnerability has been found and corrected in avahi : avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244 (CVE-2011-1002). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52454
    published: 2011-02-25
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52454
    title: Mandriva Linux Security Advisory : avahi (MDVSA-2011:037)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-3033.NASL
    description: Fixes CVE-2011-1002 among other smaller things Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52664
    published: 2011-03-15
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/52664
    title: Fedora 15 : avahi-0.6.29-1.fc15 (2011-3033)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-10584.NASL
    description: Fix for CVE-2010-2244. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47610
    published: 2010-07-07
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47610
    title: Fedora 12 : avahi-0.6.25-7.fc12 (2010-10584)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-10581.NASL
    description: Fix for CVE-2010-2244. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47609
    published: 2010-07-07
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47609
    title: Fedora 13 : avahi-0.6.25-7.fc13 (2010-10581)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_8B986A054DBE11E08B9A02E0184B8D35.NASL
    description: Avahi developers report : A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an empty packet to port 5353/UDP.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52666
    published: 2011-03-15
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52666
    title: FreeBSD : avahi -- denial of service (8b986a05-4dbe-11e0-8b9a-02e0184b8d35)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0622.NASL
    description: Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79276
    published: 2014-11-17
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79276
    title: RHEL 5 : rhev-hypervisor (RHSA-2010:0622)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201110-17.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201110-17 (Avahi: Denial of Service) Multiple vulnerabilities have been discovered in Avahi. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56592
    published: 2011-10-24
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56592
    title: GLSA-201110-17 : Avahi: Denial of Service
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2010-0528.NASL
    description: Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47739
    published: 2010-07-16
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47739
    title: CentOS 5 : avahi (CESA-2010:0528)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-204.NASL
    description: A vulnerability was discovered and corrected in avahi : The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081 (CVE-2010-2244). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49989
    published: 2010-10-15
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49989
    title: Mandriva Linux Security Advisory : avahi (MDVSA-2010:204)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20100713_AVAHI_ON_SL5_X.NASL
    description: A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) After installing the update, avahi-daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60814
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60814
    title: Scientific Linux Security Update : avahi on SL5.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0528.NASL
    description: Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47874
    published: 2010-07-28
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47874
    title: RHEL 5 : avahi (RHSA-2010:0528)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-11588.NASL
    description: Fixes CVE-2011-1002. The MITRE CVE dictionary describes this issue as : avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. Find out more about CVE-2011-1002 from the MITRE CVE dictionary and NIST NVD. This also disables gtk3 support. Unfortunately gtk3 support in F14 is broken and Avahi cannot be compiled against it. Since gtk3 will not be fixed in F14 anymore and nobody uses it we instead disable it in Avahi. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56151
    published: 2011-09-12
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56151
    title: Fedora 14 : avahi-0.6.27-8.fc14 (2011-11588)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2010-0528.NASL
    description: From Red Hat Security Advisory 2010:0528 : Updated avahi packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially crafted mDNS packets. (CVE-2010-2244) A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. (CVE-2009-0758) All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68061
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68061
    title: Oracle Linux 5 : avahi (ELSA-2010-0528)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2086.NASL
    description: Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD daemon. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0758 Rob Leslie discovered a denial of service vulnerability in the code used to reflect unicast mDNS traffic. - CVE-2010-2244 Ludwig Nussel discovered a denial of service vulnerability in the processing of malformed DNS packets.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 48248
    published: 2010-08-05
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/48248
    title: Debian DSA-2086-1 : avahi - several vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-992-1.NASL
    description: It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. (CVE-2009-0758) It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service. (CVE-2010-2244). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49761
    published: 2010-10-06
    reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49761
    title: Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : avahi vulnerabilities (USN-992-1)

Redhat

advisories
bugzilla
id: 607293
title: CVE-2010-2244 avahi: assertion failure after receiving a packet with corrupted checksum
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: avahi-compat-howl-devel is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528001
        • comment: avahi-compat-howl-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013014
      • AND
        • comment: avahi-compat-libdns_sd is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528003
        • comment: avahi-compat-libdns_sd is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013016
      • AND
        • comment: avahi-compat-libdns_sd-devel is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528005
        • comment: avahi-compat-libdns_sd-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013022
      • AND
        • comment: avahi-glib-devel is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528007
        • comment: avahi-glib-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013012
      • AND
        • comment: avahi-devel is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528009
        • comment: avahi-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013002
      • AND
        • comment: avahi is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528011
        • comment: avahi is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013008
      • AND
        • comment: avahi-glib is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528013
        • comment: avahi-glib is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013006
      • AND
        • comment: avahi-qt3-devel is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528015
        • comment: avahi-qt3-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013010
      • AND
        • comment: avahi-qt3 is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528017
        • comment: avahi-qt3 is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013018
      • AND
        • comment: avahi-tools is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528019
        • comment: avahi-tools is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013020
      • AND
        • comment: avahi-compat-howl is earlier than 0:0.6.16-9.el5_5
          oval: oval:com.redhat.rhsa:tst:20100528021
        • comment: avahi-compat-howl is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20090013004
rhsa
id: RHSA-2010:0528
released: 2010-07-13
severity: Moderate
title: RHSA-2010:0528: avahi security update (Moderate)
rpms
  • avahi-0:0.6.16-9.el5_5
  • avahi-compat-howl-0:0.6.16-9.el5_5
  • avahi-compat-howl-devel-0:0.6.16-9.el5_5
  • avahi-compat-libdns_sd-0:0.6.16-9.el5_5
  • avahi-compat-libdns_sd-devel-0:0.6.16-9.el5_5
  • avahi-debuginfo-0:0.6.16-9.el5_5
  • avahi-devel-0:0.6.16-9.el5_5
  • avahi-glib-0:0.6.16-9.el5_5
  • avahi-glib-devel-0:0.6.16-9.el5_5
  • avahi-qt3-0:0.6.16-9.el5_5
  • avahi-qt3-devel-0:0.6.16-9.el5_5
  • avahi-tools-0:0.6.16-9.el5_5

Seebug

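bulletinFamily: exploit
description: BUGTRAQ ID: 41075 CVE ID: CVE-2010-2244 Avahi is a tool that simplifies service discovery on a local network. The avahi_recv_dns_packet_ipv4() and avahi_recv_dns_packet_ipv6() functions in Avahi's avahi-core/socket.c do not correctly handle malformed DNS packets. A remote attacker can trigger an assertion error, causing the service to terminate, by sending a DNS packet with an incorrect checksum immediately followed by a DNS packet with a correct checksum. Avahi < 0.6.26 Vendor patch: Avahi ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://avahi.org/milestone/Avahi%200.6.26
id: SSV:19923
last seen: 2017-11-19
modified: 2010-07-08
published: 2010-07-08
reporter: Root
title: Avahi avahi-core/socket.c malformed DNS packet denial of service vulnerability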