CVE-2011-1002
First published: Tue Jan 04 2011(Updated: )
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avahi Avahi | =0.6.25 | |
| Avahi Avahi | =0.6.5 | |
| Avahi Avahi | =0.6.20 | |
| Avahi Avahi | =0.6.19 | |
| Avahi Avahi | =0.5.2 | |
| Avahi Avahi | =0.6.1 | |
| Avahi Avahi | =0.6.13 | |
| Avahi Avahi | =0.6.15 | |
| Avahi Avahi | =0.6.7 | |
| Avahi Avahi | =0.6.17 | |
| Avahi Avahi | =0.6.16 | |
| Avahi Avahi | =0.3 | |
| Avahi Avahi | <=0.6.28 | |
| Avahi Avahi | =0.6.24 | |
| Avahi Avahi | =0.6.23 | |
| Avahi Avahi | =0.6.9 | |
| Avahi Avahi | =0.2 | |
| Avahi Avahi | =0.1 | |
| Avahi Avahi | =0.6.14 | |
| Avahi Avahi | =0.6.10 | |
| Avahi Avahi | =0.6.27 | |
| Avahi Avahi | =0.6.6 | |
| Avahi Avahi | =0.5 | |
| Avahi Avahi | =0.6.22 | |
| Avahi Avahi | =0.6.4 | |
| Avahi Avahi | =0.6.11 | |
| Avahi Avahi | =0.6.3 | |
| Avahi Avahi | =0.6.8 | |
| Avahi Avahi | =0.6.18 | |
| Avahi Avahi | =0.6.12 | |
| Avahi Avahi | =0.4 | |
| Avahi Avahi | =0.6.21 | |
| Avahi Avahi | =0.6.2 | |
| Avahi Avahi | =0.5.1 | |
| Avahi Avahi | =0.6.26 | |
| redhat/avahi | <0:0.6.16-10.el5_6 | 0:0.6.16-10.el5_6 |
| redhat/avahi | <0:0.6.25-11.el6 | 0:0.6.25-11.el6 |
| Fedoraproject Fedora | =15 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =9.10 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =10.10 | |
| Debian Debian Linux | =5.0 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://avahi.org/ticket/325
- http://www.securityfocus.com/bid/46446
- http://openwall.com/lists/oss-security/2011/02/18/4
- http://openwall.com/lists/oss-security/2011/02/18/1
- https://bugzilla.redhat.com/show_bug.cgi?id=667187
- http://secunia.com/advisories/43361
- http://www.vupen.com/english/advisories/2011/0448
- http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
- http://www.openwall.com/lists/oss-security/2011/02/22/9
- http://www.vupen.com/english/advisories/2011/0499
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
- http://www.vupen.com/english/advisories/2011/0565
- http://ubuntu.com/usn/usn-1084-1
- http://secunia.com/advisories/43465
- http://www.vupen.com/english/advisories/2011/0511
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
- http://www.vupen.com/english/advisories/2011/0601
- http://secunia.com/advisories/43673
- http://secunia.com/advisories/43605
- http://osvdb.org/70948
- http://www.debian.org/security/2011/dsa-2174
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
- http://www.vupen.com/english/advisories/2011/0670
- http://secunia.com/advisories/44131
- http://www.vupen.com/english/advisories/2011/0969
- http://www.redhat.com/support/errata/RHSA-2011-0436.html
- http://www.redhat.com/support/errata/RHSA-2011-0779.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
- http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6
- https://www.cve.org/CVERecord?id=CVE-2011-1002 https://nvd.nist.gov/vuln/detail/CVE-2011-1002
- https://access.redhat.com/errata/RHSA-2011:0436
- https://access.redhat.com/errata/RHSA-2011:0779
- https://access.redhat.com/security/cve/CVE-2011-1002
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/weakness
- collector/mitre-cve
- source/MITRE
- vendor/avahi
- canonical/avahi avahi
- version/avahi avahi/0.6.25
- version/avahi avahi/0.6.5
- version/avahi avahi/0.6.20
- version/avahi avahi/0.6.19
- version/avahi avahi/0.5.2
- version/avahi avahi/0.6.1
- version/avahi avahi/0.6.13
- version/avahi avahi/0.6.15
- version/avahi avahi/0.6.7
- version/avahi avahi/0.6.17
- version/avahi avahi/0.6.16
- version/avahi avahi/0.3
- version/avahi avahi/0.6.28
- version/avahi avahi/0.6.24
- version/avahi avahi/0.6.23
- version/avahi avahi/0.6.9
- version/avahi avahi/0.2
- version/avahi avahi/0.1
- version/avahi avahi/0.6.14
- version/avahi avahi/0.6.10
- version/avahi avahi/0.6.27
- version/avahi avahi/0.6.6
- version/avahi avahi/0.5
- version/avahi avahi/0.6.22
- version/avahi avahi/0.6.4
- version/avahi avahi/0.6.11
- version/avahi avahi/0.6.3
- version/avahi avahi/0.6.8
- version/avahi avahi/0.6.18
- version/avahi avahi/0.6.12
- version/avahi avahi/0.4
- version/avahi avahi/0.6.21
- version/avahi avahi/0.6.2
- version/avahi avahi/0.5.1
- version/avahi avahi/0.6.26
- package-manager/redhat
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/15
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- version/redhat enterprise linux/6.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/9.10
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/10.10
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0
- version/debian debian linux/6.0
- version/debian debian linux/7.0