First published: Fri Feb 24 2017
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/avahi | <0.7-3.1ubuntu1.2 | 0.7-3.1ubuntu1.2 |
ubuntu/avahi | <0.7-4ubuntu2.1 | 0.7-4ubuntu2.1 |
ubuntu/avahi | <0.6.31-4ubuntu1.3 | 0.6.31-4ubuntu1.3 |
ubuntu/avahi | <0.6.32~ | 0.6.32~ |
ubuntu/avahi | <0.8 | 0.8 |
Avahi Avahi | <=0.6.32 | |
Avahi Avahi | =0.7 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
debian/avahi | <=0.7-4+deb10u1, <=0.7-4+deb10u3 | 0.8-5+deb11u2, 0.8-10, 0.8-13 |