L'équipe Vigil@nce veille les vulnérabilités publiques qui affectent votre parc informatique, puis propose des correctifs sécurité, une base de données de vigilance et des outils pour y remédier.

Vulnérabilité de Avahi : déni de service via D-Bus

Synthèse de la vulnérabilité 

Un attaquant local peut stopper le démon Avahi en employant un message D-Bus spécial.
Produits vulnérables : Avahi, Debian, Mandriva Linux, openSUSE, SLES.
Gravité de cette faille : 1/4.
Date de création : 18/09/2007.
Références de ce bulletin : BID-24614, CVE-2007-3372, DSA-1690-1, MDKSA-2007:185, SUSE-SR:2007:014, VIGILANCE-VUL-7176.

Description de la vulnérabilité 

Le système Avahi permet de découvrir les services offerts par le réseau local.

L'environnement D-Bus permet aux applications d'échanger des informations. Il est basé sur un démon et une bibliothèque que les applications emploient. Avahi utilise D-Bus.

Un attaquant peut envoyer un message D-Bus avec un champ TXT vide afin de provoquer une erreur d'assertion dans Avahi. Cette erreur stoppe le démon.

Un attaquant local peut ainsi mener un déni de service.
Bulletin complet, filtrage par logiciel, emails, correctifs, ... (Demandez votre essai gratuit)

Cet avis de menace informatique concerne les logiciels ou systèmes comme Avahi, Debian, Mandriva Linux, openSUSE, SLES.

Notre équipe Vigil@nce a déterminé que la gravité de ce bulletin cyber-sécurité est faible.

Le niveau de confiance est de type confirmé par l'éditeur, avec une provenance de compte utilisateur.

Un attaquant avec un niveau de compétence expert peut exploiter cette alerte de faille.

Solutions pour cette menace 

Avahi : version 0.6.20.
La version 0.6.20 est corrigée :
  http://avahi.org/

Debian : nouveaux paquetages avahi.
De nouveaux paquetages sont disponibles :
  http://security.debian.org/pool/updates/main/a/avahi/avahi*_0.6.16-3etch2_*.deb

Mandriva : nouveaux paquetages avahi.
De nouveaux paquetages sont disponibles :
 Mandriva Linux 2007.0:
 9b42ab7d33f6f3645ffb1d8c10f2b7be 2007.0/i586/avahi-0.6.13-4.3mdv2007.0.i586.rpm
 3dd8f44477109b6be1937d027c04334f 2007.0/i586/avahi-dnsconfd-0.6.13-4.3mdv2007.0.i586.rpm
 61d1ad9658ee265ace14d11ec319feb3 2007.0/i586/avahi-python-0.6.13-4.3mdv2007.0.i586.rpm
 4b2442311c56146a8769d271705835a3 2007.0/i586/avahi-sharp-0.6.13-4.3mdv2007.0.i586.rpm
 6c65b69658bf5fba762baceb8d54c618 2007.0/i586/avahi-x11-0.6.13-4.3mdv2007.0.i586.rpm
 8974d63f0c51d711c64476f23de79091 2007.0/i586/libavahi-client3-0.6.13-4.3mdv2007.0.i586.rpm
 653beb7c63bd95a2ff04420ce45cfb3c 2007.0/i586/libavahi-client3-devel-0.6.13-4.3mdv2007.0.i586.rpm
 d57e3395370d334c3d0389b5d27f69ee 2007.0/i586/libavahi-common3-0.6.13-4.3mdv2007.0.i586.rpm
 9033a6df7041a041c994cb69615ba62f 2007.0/i586/libavahi-common3-devel-0.6.13-4.3mdv2007.0.i586.rpm
 bd4189a93e747941a4b65fb93f7cde38 2007.0/i586/libavahi-compat-howl0-0.6.13-4.3mdv2007.0.i586.rpm
 884f7d0baf1af89fe6e3975975555d41 2007.0/i586/libavahi-compat-howl0-devel-0.6.13-4.3mdv2007.0.i586.rpm
 1f50ca143a4fbbf6cada79fc4f736c29 2007.0/i586/libavahi-compat-libdns_sd1-0.6.13-4.3mdv2007.0.i586.rpm
 b4fbae18da3a0823c073a71b917a36fe 2007.0/i586/libavahi-compat-libdns_sd1-devel-0.6.13-4.3mdv2007.0.i586.rpm
 7331d7cde7c5184a0da289639182df6f 2007.0/i586/libavahi-core4-0.6.13-4.3mdv2007.0.i586.rpm
 3a5e26980894b846ebf960d5f50d21cc 2007.0/i586/libavahi-core4-devel-0.6.13-4.3mdv2007.0.i586.rpm
 b9c5809919acd3fd33c148dfa3c91959 2007.0/i586/libavahi-glib1-0.6.13-4.3mdv2007.0.i586.rpm
 d42c43448e010d0b75f561d276402dff 2007.0/i586/libavahi-glib1-devel-0.6.13-4.3mdv2007.0.i586.rpm
 c7f30225b0153e555466b6ee37a857d3 2007.0/i586/libavahi-qt3_1-0.6.13-4.3mdv2007.0.i586.rpm
 abe726ef80d631e068eef0b73eb1cd76 2007.0/i586/libavahi-qt3_1-devel-0.6.13-4.3mdv2007.0.i586.rpm
 263c40aeddc7aa56284dcccd94061b83 2007.0/i586/libavahi-qt4_1-0.6.13-4.3mdv2007.0.i586.rpm
 6165066dd59ecd5e965b8cc9a6794b3e 2007.0/i586/libavahi-qt4_1-devel-0.6.13-4.3mdv2007.0.i586.rpm
 a078edca8e651bd288b99eb071c477a4 2007.0/SRPMS/avahi-0.6.13-4.3mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 32bdcbf34c11d3b568660f1269f7739f 2007.0/x86_64/avahi-0.6.13-4.3mdv2007.0.x86_64.rpm
 119731a972772a866be55a8a3794d6e8 2007.0/x86_64/avahi-dnsconfd-0.6.13-4.3mdv2007.0.x86_64.rpm
 54bb90936d710ffe021eaa327bf906cc 2007.0/x86_64/avahi-python-0.6.13-4.3mdv2007.0.x86_64.rpm
 c627d10f177aec68260e96c2fbebf302 2007.0/x86_64/avahi-sharp-0.6.13-4.3mdv2007.0.x86_64.rpm
 e03e889615e72e05fa159ca33ce8652f 2007.0/x86_64/avahi-x11-0.6.13-4.3mdv2007.0.x86_64.rpm
 0818f91e8d83fc4bffd753218b14b7d8 2007.0/x86_64/lib64avahi-client3-0.6.13-4.3mdv2007.0.x86_64.rpm
 f63e399dee05af7c36fd477a2b1965c5 2007.0/x86_64/lib64avahi-client3-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 96e1032970e9a5df235c9457d69f6363 2007.0/x86_64/lib64avahi-common3-0.6.13-4.3mdv2007.0.x86_64.rpm
 027aecd334aadac0c7789b6e70ef96c6 2007.0/x86_64/lib64avahi-common3-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 c09888641a61a677cbfad98fe185ce5a 2007.0/x86_64/lib64avahi-compat-howl0-0.6.13-4.3mdv2007.0.x86_64.rpm
 b202d3105c17842df5280e220e09eceb 2007.0/x86_64/lib64avahi-compat-howl0-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 06b9daaa3516cfd3a11c852a9704a3b2 2007.0/x86_64/lib64avahi-compat-libdns_sd1-0.6.13-4.3mdv2007.0.x86_64.rpm
 0f21e479c3adf79e5f2b85317e0543f1 2007.0/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 aa9db148a186ca2fcd1d248b555962b2 2007.0/x86_64/lib64avahi-core4-0.6.13-4.3mdv2007.0.x86_64.rpm
 3e0b6921ea49c48f7ce07a661cab7547 2007.0/x86_64/lib64avahi-core4-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 482416289f4fa44c9802b496b9d32b43 2007.0/x86_64/lib64avahi-glib1-0.6.13-4.3mdv2007.0.x86_64.rpm
 ee224788f649a439cc7da2b8de29944e 2007.0/x86_64/lib64avahi-glib1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 53c2ccc7e6c378ee9c79847b17038c40 2007.0/x86_64/lib64avahi-qt3_1-0.6.13-4.3mdv2007.0.x86_64.rpm
 21d19035cd5e813004f3cc5cff646087 2007.0/x86_64/lib64avahi-qt3_1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 2519453410006dc4dcd63b3156260dad 2007.0/x86_64/lib64avahi-qt4_1-0.6.13-4.3mdv2007.0.x86_64.rpm
 476cf9a62a1fa5aeb5337c87218fca4c 2007.0/x86_64/lib64avahi-qt4_1-devel-0.6.13-4.3mdv2007.0.x86_64.rpm
 a078edca8e651bd288b99eb071c477a4 2007.0/SRPMS/avahi-0.6.13-4.3mdv2007.0.src.rpm
 Mandriva Linux 2007.1:
 c594af2bfa6689a7c1b7f2484a8df77c 2007.1/i586/avahi-0.6.17-1.1mdv2007.1.i586.rpm
 e64c0e737ff84c31a8388f3598ece7ad 2007.1/i586/avahi-dnsconfd-0.6.17-1.1mdv2007.1.i586.rpm
 35a3d319e3f965f9455348a429cb2a1d 2007.1/i586/avahi-python-0.6.17-1.1mdv2007.1.i586.rpm
 7eef255b2b10b533bf0e1c5533231dc7 2007.1/i586/avahi-sharp-0.6.17-1.1mdv2007.1.i586.rpm
 e9dde153e07ccb5a787bd09e35504569 2007.1/i586/avahi-sharp-doc-0.6.17-1.1mdv2007.1.i586.rpm
 26c0756132d203f7ed537a8dc08b53f7 2007.1/i586/avahi-x11-0.6.17-1.1mdv2007.1.i586.rpm
 ad9509ae2da5a5b25a803ba4968e55d6 2007.1/i586/libavahi-client3-0.6.17-1.1mdv2007.1.i586.rpm
 afaf9c8cce51732b7d720c6df2ae27ca 2007.1/i586/libavahi-client3-devel-0.6.17-1.1mdv2007.1.i586.rpm
 b632147727b3de90fcbb0f6b3e559000 2007.1/i586/libavahi-common3-0.6.17-1.1mdv2007.1.i586.rpm
 adc5e726a7b336e1efde4af3cfb39b0c 2007.1/i586/libavahi-common3-devel-0.6.17-1.1mdv2007.1.i586.rpm
 e88e78d56ea604fa2d9c532bfe1f3b70 2007.1/i586/libavahi-compat-howl0-0.6.17-1.1mdv2007.1.i586.rpm
 7c03e4baeb6428241525f26019b882b1 2007.1/i586/libavahi-compat-howl0-devel-0.6.17-1.1mdv2007.1.i586.rpm
 7ee801d00907ce22e2c8a046850383e4 2007.1/i586/libavahi-compat-libdns_sd1-0.6.17-1.1mdv2007.1.i586.rpm
 6ff64a5037ad4186f6481e8caf0bd59a 2007.1/i586/libavahi-compat-libdns_sd1-devel-0.6.17-1.1mdv2007.1.i586.rpm
 52562b6216a33f8da91cc4516c1f3072 2007.1/i586/libavahi-core5-0.6.17-1.1mdv2007.1.i586.rpm
 f7ecaf7c04e3acdb9dac3acd8098b2fb 2007.1/i586/libavahi-core5-devel-0.6.17-1.1mdv2007.1.i586.rpm
 00acc02c435ae6b59649f86b0e99d440 2007.1/i586/libavahi-glib1-0.6.17-1.1mdv2007.1.i586.rpm
 c44fb1ae2de3123f9dcca4a0b7eb2374 2007.1/i586/libavahi-glib1-devel-0.6.17-1.1mdv2007.1.i586.rpm
 b42d69062ad05624b179a02b5efec117 2007.1/i586/libavahi-qt3_1-0.6.17-1.1mdv2007.1.i586.rpm
 c2044c5d7cde9e34dacaa18edd9841cb 2007.1/i586/libavahi-qt3_1-devel-0.6.17-1.1mdv2007.1.i586.rpm
 74af7ff7ef86b8f9500d1a743dc562b2 2007.1/i586/libavahi-qt4_1-0.6.17-1.1mdv2007.1.i586.rpm
 a1aa664366725cbe9fa5fe040556c1fa 2007.1/i586/libavahi-qt4_1-devel-0.6.17-1.1mdv2007.1.i586.rpm
 7c8767bcc749046d6425d737a56b8222 2007.1/SRPMS/avahi-0.6.17-1.1mdv2007.1.src.rpm
 Mandriva Linux 2007.1/X86_64:
 f094a05a552d9ba13dec063d56f1e22c 2007.1/x86_64/avahi-0.6.17-1.1mdv2007.1.x86_64.rpm
 39d9b751a7503db9239128d43bd5ad3f 2007.1/x86_64/avahi-dnsconfd-0.6.17-1.1mdv2007.1.x86_64.rpm
 5fb282c47d55bbbf2077a63023e0fd1a 2007.1/x86_64/avahi-python-0.6.17-1.1mdv2007.1.x86_64.rpm
 9b4dedd7a85d3b3071ac1e8cef4f7525 2007.1/x86_64/avahi-sharp-0.6.17-1.1mdv2007.1.x86_64.rpm
 a8f7fac1cde5ae63502903bc8567884f 2007.1/x86_64/avahi-sharp-doc-0.6.17-1.1mdv2007.1.x86_64.rpm
 ee64d6cccc9b9d77c0bb1fce91ab4a7d 2007.1/x86_64/avahi-x11-0.6.17-1.1mdv2007.1.x86_64.rpm
 ffcc772b531d6154a44981dfb64f523d 2007.1/x86_64/lib64avahi-client3-0.6.17-1.1mdv2007.1.x86_64.rpm
 55c345072802eee53ab869aa244ee0cf 2007.1/x86_64/lib64avahi-client3-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 757596964e809446b3609d8171e91073 2007.1/x86_64/lib64avahi-common3-0.6.17-1.1mdv2007.1.x86_64.rpm
 2cb6cf729bb97d1c991a4e299e2187f7 2007.1/x86_64/lib64avahi-common3-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 7de3b12c7f083295d77b44bcf519f771 2007.1/x86_64/lib64avahi-compat-howl0-0.6.17-1.1mdv2007.1.x86_64.rpm
 2ed4cc31f953e4af55a01caef59fb09f 2007.1/x86_64/lib64avahi-compat-howl0-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 064f583041d5f9c47c1d09f0cead95ff 2007.1/x86_64/lib64avahi-compat-libdns_sd1-0.6.17-1.1mdv2007.1.x86_64.rpm
 724f6efdff583868004d68574a69d6b2 2007.1/x86_64/lib64avahi-compat-libdns_sd1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 7598dabff5d5c0cc2e72f6985e4f53d5 2007.1/x86_64/lib64avahi-core5-0.6.17-1.1mdv2007.1.x86_64.rpm
 957b59e1e063a45e5c7e3f4b149d8574 2007.1/x86_64/lib64avahi-core5-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 00895af428b5fc5d476025b29d823802 2007.1/x86_64/lib64avahi-glib1-0.6.17-1.1mdv2007.1.x86_64.rpm
 00049709452921a8f20b12b6818d194a 2007.1/x86_64/lib64avahi-glib1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 1a7b663e7a2e947a36ae558aa186b63f 2007.1/x86_64/lib64avahi-qt3_1-0.6.17-1.1mdv2007.1.x86_64.rpm
 fd3516bd0edd363df92eeb2227a56f41 2007.1/x86_64/lib64avahi-qt3_1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 c6fe42aa0f2399074a71f59f6dc6f3a2 2007.1/x86_64/lib64avahi-qt4_1-0.6.17-1.1mdv2007.1.x86_64.rpm
 ad45ac4f9c46187d8c7281b3b6b70959 2007.1/x86_64/lib64avahi-qt4_1-devel-0.6.17-1.1mdv2007.1.x86_64.rpm
 7c8767bcc749046d6425d737a56b8222 2007.1/SRPMS/avahi-0.6.17-1.1mdv2007.1.src.rpm

SUSE : nouveaux paquetages MPlayer, madwifi, samba, cups, libexif, evolution, mutt, avahi.
De nouveaux paquetages sont disponibles via YaST ou FTP.
Bulletin complet, filtrage par logiciel, emails, correctifs, ... (Demandez votre essai gratuit)

Service de veille sur les vulnérabilités informatiques 

Vigil@nce fournit un patch de vulnérabilité de réseau. La base de vulnérabilités Vigil@nce contient plusieurs milliers de failles.