CVE-2011-1002 - Infinite Loop vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Nessus
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2011-037.NASL
  description: A vulnerability has been found and corrected in avahi : avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244 (CVE-2011-1002). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 52454
  published: 2011-02-25
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/52454
  title: Mandriva Linux Security Advisory : avahi (MDVSA-2011:037)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-3033.NASL
  description: Fixes CVE-2011-1002 among other smaller things. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 52664
  published: 2011-03-15
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/52664
  title: Fedora 15 : avahi-0.6.29-1.fc15 (2011-3033)

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2011-0436.NASL
  description: Updated avahi packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, avahi-daemon will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 53400
  published: 2011-04-13
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/53400
  title: RHEL 5 : avahi (RHSA-2011:0436)

- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20110519_AVAHI_ON_SL6_X.NASL
  description: Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) This update also fixes the following bug : - Previously, the avahi packages in Scientific Linux 6 were not compiled with standard RPM CFLAGS; therefore, the Stack Protector and Fortify Source protections were not enabled, and the debuginfo packages did not contain the information required for debugging. This update corrects this issue by using proper CFLAGS when compiling the packages. (BZ#629954, BZ#684276) All users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, avahi-daemon will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 61038
  published: 2012-08-01
  reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/61038
  title: Scientific Linux Security Update : avahi on SL6.x i386/x86_64

- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_8B986A054DBE11E08B9A02E0184B8D35.NASL
  description: Avahi developers reports : A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain UDP packets, which can be exploited to trigger an infinite loop by e.g. sending an empty packet to port 5353/UDP.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 52666
  published: 2011-03-15
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/52666
  title: FreeBSD : avahi -- denial of service (8b986a05-4dbe-11e0-8b9a-02e0184b8d35)

- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201110-17.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201110-17 (Avahi: Denial of Service) Multiple vulnerabilities have been discovered in Avahi. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56592
  published: 2011-10-24
  reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56592
  title: GLSA-201110-17 : Avahi: Denial of Service

- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2011-0436.NASL
  description: Updated avahi packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, avahi-daemon will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 53434
  published: 2011-04-15
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/53434
  title: CentOS 5 : avahi (CESA-2011:0436)

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-1084-1.NASL
  description: It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially crafted packet and cause Avahi to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 52580
  published: 2011-03-08
  reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/52580
  title: Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : avahi vulnerability (USN-1084-1)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_2_AVAHI-110228.NASL
  description: This update fixes a remote denial of service in the avahi daemon that can be triggered remotely via a null UDP packet. CVE-2011-1002: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 53697
  published: 2011-05-05
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/53697
  title: openSUSE Security Update : avahi (openSUSE-SU-2011:0149-1)

- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2011-040.NASL
  description: A vulnerability has been found and corrected in pango : It was discovered that pango did not check for memory reallocation failures in hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index used for accessing members of the incorrectly reallocated array, resulting in the use of NULL address as the base array address. This can result in application crash or, possibly, code execution (CVE-2011-0064). The updated packages have been patched to correct this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 52541
  published: 2011-03-04
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/52541
  title: Mandriva Linux Security Advisory : pango (MDVSA-2011:040)

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2011-0779.NASL
  description: Updated avahi packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) This update also fixes the following bug : * Previously, the avahi packages in Red Hat Enterprise Linux 6 were not compiled with standard RPM CFLAGS; therefore, the Stack Protector and Fortify Source protections were not enabled, and the debuginfo packages did not contain the information required for debugging. This update corrects this issue by using proper CFLAGS when compiling the packages. (BZ#629954, BZ#684276) All users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, avahi-daemon will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 54600
  published: 2011-05-20
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/54600
  title: RHEL 6 : avahi (RHSA-2011:0779)

- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20110412_AVAHI_ON_SL5_X.NASL
  description: A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) After installing the update, avahi-daemon will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 61017
  published: 2012-08-01
  reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/61017
  title: Scientific Linux Security Update : avahi on SL5.x i386/x86_64

- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2011-0436.NASL
  description: From Red Hat Security Advisory 2011:0436 : Updated avahi packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002) All users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, avahi-daemon will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 68255
  published: 2013-07-12
  reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/68255
  title: Oracle Linux 5 : avahi (ELSA-2011-0436)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-11588.NASL
  description: Fixes CVE-2011-1002. The MITRE CVE dictionary describes this issue as : avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. Find out more about CVE-2011-1002 from the MITRE CVE dictionary and NIST NVD. This also disables gtk3 support. Unfortunately gtk3 support in F14 is broken and Avahi cannot be compiled against it. Since gtk3 will not be fixed in F14 anymore and nobody uses it we instead disable it in Avahi. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56151
  published: 2011-09-12
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/56151
  title: Fedora 14 : avahi-0.6.27-8.fc14 (2011-11588)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_3_AVAHI-110228.NASL
  description: This update fixes a remote denial of service in the avahi daemon that can be triggered remotely via a null UDP packet. CVE-2011-1002: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75435
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75435
  title: openSUSE Security Update : avahi (openSUSE-SU-2011:0149-1)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-2174.NASL
  description: It was discovered that Avahi, an implementation of the zeroconf protocol, can be crashed remotely by a single UDP packet, which may result in a denial of service.
  last seen: 2020-03-17
  modified: 2011-03-01
  plugin id: 52462
  published: 2011-03-01
  reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/52462
  title: Debian DSA-2174-1 : avahi - denial of service
References
- http://avahi.org/ticket/325
- http://www.securityfocus.com/bid/46446
- http://openwall.com/lists/oss-security/2011/02/18/4
- http://openwall.com/lists/oss-security/2011/02/18/1
- https://bugzilla.redhat.com/show_bug.cgi?id=667187
- http://secunia.com/advisories/43361
- http://www.vupen.com/english/advisories/2011/0448
- http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
- http://www.openwall.com/lists/oss-security/2011/02/22/9
- http://www.vupen.com/english/advisories/2011/0499
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
- http://www.vupen.com/english/advisories/2011/0565
- http://ubuntu.com/usn/usn-1084-1
- http://secunia.com/advisories/43465
- http://www.vupen.com/english/advisories/2011/0511
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
- http://www.vupen.com/english/advisories/2011/0601
- http://secunia.com/advisories/43673
- http://secunia.com/advisories/43605
- http://osvdb.org/70948
- http://www.debian.org/security/2011/dsa-2174
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
- http://www.vupen.com/english/advisories/2011/0670
- http://secunia.com/advisories/44131
- http://www.vupen.com/english/advisories/2011/0969
- http://www.redhat.com/support/errata/RHSA-2011-0436.html
- http://www.redhat.com/support/errata/RHSA-2011-0779.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
- http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6