CVE-2011-1002 Information
Share on:Description
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Reference
http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://openwall.com/lists/oss-security/2011/02/18/1 http://openwall.com/lists/oss-security/2011/02/18/4 http://osvdb.org/70948 http://secunia.com/advisories/43361 http://secunia.com/advisories/43465 http://secunia.com/advisories/43605 http://secunia.com/advisories/43673 http://secunia.com/advisories/44131 http://ubuntu.com/usn/usn-1084-1 http://www.debian.org/security/2011/dsa-2174 http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 http://www.openwall.com/lists/oss-security/2011/02/22/9 http://www.redhat.com/support/errata/RHSA-2011-0436.html http://www.redhat.com/support/errata/RHSA-2011-0779.html http://www.securityfocus.com/bid/46446 http://www.vupen.com/english/advisories/2011/0448 http://www.vupen.com/english/advisories/2011/0499 http://www.vupen.com/english/advisories/2011/0511 http://www.vupen.com/english/advisories/2011/0565 http://www.vupen.com/english/advisories/2011/0601 http://www.vupen.com/english/advisories/2011/0670 http://www.vupen.com/english/advisories/2011/0969 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ https://bugzilla.redhat.com/show_bug.cgi?id=667187 https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 https://exchange.xforce.ibmcloud.com/vulnerabilities/65525