REDHAT-BUG-2326429
First published: Fri Nov 15 2024(Updated: )
The sequential increment of DNS transaction IDs makes Avahi vulnerable to DNS spoofing, allowing attackers to inject malicious DNS records. This can compromise the integrity of DNS responses, redirecting users to potentially harmful domains. This vulnerability poses a greater risk as it directly undermines the integrity of DNS resolution, affecting all systems using Avahi for wide-area DNS queries unless mitigations are applied.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avahi AutoIP Daemon |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2326429?
The severity of REDHAT-BUG-2326429 is high due to its potential for facilitating DNS spoofing attacks.
How do I fix REDHAT-BUG-2326429?
To fix REDHAT-BUG-2326429, update Avahi to the latest version that addresses this vulnerability.
What systems are affected by REDHAT-BUG-2326429?
REDHAT-BUG-2326429 affects systems running the Avahi service.
Can REDHAT-BUG-2326429 lead to data compromise?
Yes, REDHAT-BUG-2326429 can lead to data compromise by allowing attackers to redirect users to malicious domains.
What is the impact of exploiting REDHAT-BUG-2326429?
Exploiting REDHAT-BUG-2326429 allows attackers to inject malicious DNS records, compromising the integrity of DNS responses.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-52616
- agent/severity
- agent/last-modified-date
- agent/references
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/avahi
- canonical/avahi autoip daemon