The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Avahi

computer vulnerability announcement CVE-2017-6519

Avahi: information disclosure and DDoS via mDNS on IPv6

Synthesis of the vulnerability

An attacker can query the mDNS service of Avahi, in order to obtain sensitive information about the network, or to amplify a denial of service attack.
Impacted products: Avahi, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/05/2017.
Identifiers: CVE-2017-6519, CVE-2018-1000845-REJECT, openSUSE-SU-2019:0128-1, openSUSE-SU-2019:0197-1, RHBUG-1426712, SUSE-SU-2019:0179-1, SUSE-SU-2019:0285-1, SUSE-SU-2019:13947-1, USN-3876-1, USN-3876-2, VIGILANCE-VUL-22617.

Description of the vulnerability

The mDNS (Multicast DNS) protocol allows local computers to discover services available on their networks.

However, the IPv6 mDNS implementation in Avahi replies to unicast queries coming from outside its network.

This vulnerability is a variant of VIGILANCE-VUL-16510.

An attacker can therefore query the mDNS service of Avahi, in order to obtain sensitive information about the network, or to amplify a denial of service attack.

vulnerability CVE-2015-2809

mDNS: information disclosure and DDoS

Synthesis of the vulnerability

An attacker can query the mDNS service, in order to obtain sensitive information about the network, or to amplify a denial of service attack.
Impacted products: Avahi, DNS protocol, Synology DSM.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Creation date: 01/04/2015.
Identifiers: CVE-2015-2809, VIGILANCE-VUL-16510, VU#550620.

Description of the vulnerability

The mDNS (Multicast DNS) protocol allows local computers to discover services available on their networks.

However, some mDNS implementations reply to unicast queries coming from outside their network.

An attacker can therefore query the mDNS service, in order to obtain sensitive information about the network, or to amplify a denial of service attack.
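The source address check whose absence both mDNS bulletins above (CVE-2017-6519 and CVE-2015-2809) describe can be sketched as follows. This is an added example, not Avahi's code: the `local_prefix` structure, the function names and the documentation prefixes used with it are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>

/* One IPv6 prefix configured on a local interface (hypothetical type). */
struct local_prefix {
    const char *addr;   /* textual prefix, e.g. "2001:db8:1::" */
    unsigned    bits;   /* prefix length, 0..128 */
};

/* Return 1 if the first `bits` bits of a and b are identical. */
static int prefix_match(const struct in6_addr *a, const struct in6_addr *b,
                        unsigned bits)
{
    unsigned full = bits / 8, rest = bits % 8;
    if (bits > 128) return 0;
    if (memcmp(a->s6_addr, b->s6_addr, full) != 0) return 0;
    if (rest == 0) return 1;
    unsigned char mask = (unsigned char)(0xFF << (8 - rest));
    return (a->s6_addr[full] & mask) == (b->s6_addr[full] & mask);
}

/* Decide whether an mDNS query received from `src` may be answered.
 * Returns 1 only for link-local sources (fe80::/10) or sources inside
 * one of the locally configured prefixes; everything else is dropped. */
int mdns_source_is_local(const char *src, const struct local_prefix *p, size_t n)
{
    struct in6_addr s, net;
    if (inet_pton(AF_INET6, src, &s) != 1) return 0;   /* unparsable: drop */
    if (s.s6_addr[0] == 0xfe && (s.s6_addr[1] & 0xc0) == 0x80) return 1;
    for (size_t i = 0; i < n; i++) {
        if (inet_pton(AF_INET6, p[i].addr, &net) != 1) continue;
        if (prefix_match(&s, &net, p[i].bits)) return 1;
    }
    return 0;   /* off-link unicast query: do not reply */
}
```

A responder that applies this check before answering no longer discloses records to, or reflects traffic for, sources outside its own links.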

computer vulnerability announcement CVE-2010-2244

Avahi: denial of service via DNS

Synthesis of the vulnerability

An attacker can send a malformed DNS packet, in order to stop the Avahi daemon.
Impacted products: Avahi, Debian, Fedora, Mandriva Linux, OpenSolaris, RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 07/07/2010.
Identifiers: CERTA-2002-AVI-279, CVE-2010-2244, DSA-2086-1, FEDORA-2010-10581, FEDORA-2010-10584, MDVSA-2010:204, RHSA-2010:0528-01, VIGILANCE-VUL-9742.

Description of the vulnerability

The Avahi daemon automatically processes the network configuration of the system.

The avahi_recv_dns_packet_ipv4/6() functions of the file avahi-core/socket.c decode received UDP+DNS/mDNS (Multicast DNS) packets.

When an attacker sends a packet with an invalid UDP checksum, followed by a valid packet, the avahi_recv_dns_packet_ipv4/6() functions use a packet size of zero, which triggers an assertion error.

An attacker can therefore send a malformed DNS packet, in order to stop the Avahi daemon.

computer vulnerability alert CVE-2007-3372

Avahi: denial of service via D-Bus

Synthesis of the vulnerability

A local attacker can stop the Avahi daemon by using a special D-Bus message.
Impacted products: Avahi, Debian, Mandriva Linux, openSUSE, SLES.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 18/09/2007.
Identifiers: BID-24614, CVE-2007-3372, DSA-1690-1, MDKSA-2007:185, SUSE-SR:2007:014, VIGILANCE-VUL-7176.

Description of the vulnerability

Avahi allows the discovery of services offered on a local network.

D-Bus allows applications to exchange information. It consists of a daemon and a library used by client software. Avahi uses D-Bus.

An attacker can use a D-Bus message with an empty TXT field in order to generate an assertion error in Avahi. This error stops the daemon.

A local attacker can therefore create a denial of service.

computer vulnerability CVE-2006-6870

Avahi: denial of service via DNS

Synthesis of the vulnerability

A network attacker can construct a malicious DNS packet generating an infinite loop in Avahi.
Impacted products: Avahi, Fedora, Mandriva Linux, openSUSE, SLES.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet server.
Creation date: 08/01/2007.
Identifiers: BID-21881, CVE-2006-6870, FEDORA-2007-018, FEDORA-2007-019, MDKSA-2007:003, SUSE-SR:2007:007, VIGILANCE-VUL-6435.

Description of the vulnerability

Avahi allows the discovery of services offered on a local network.

The DNS protocol defines a compression method to suppress redundant segments. For example, a message can contain:
  www.domain.dom
  dns.domain.dom
In this case, the second occurrence of "domain.dom" can be replaced by the offset of the first one.

However, the consume_labels() function of avahi-core/dns.c does not correctly check offsets. An offset can point to the current position, which generates an infinite loop.

A remote attacker can thus send a malicious DNS compressed packet in order to generate a denial of service on Avahi.

This vulnerability is a particular case of the VIGILANCE-VUL-4978 generic bulletin.

computer vulnerability note CVE-2006-5461

Avahi: information modification via netlink

Synthesis of the vulnerability

A local attacker can send malicious netlink messages to Avahi in order to alter returned information.
Impacted products: Avahi, Fedora, Mandriva Linux.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 21/11/2006.
Identifiers: CVE-2006-5461, FEDORA-2006-1339, FEDORA-2006-1340, MDKSA-2006:215, VIGILANCE-VUL-6329.

Description of the vulnerability

Avahi allows the discovery of services offered on a local network.

The netlink mechanism is used to exchange data between the kernel and user space.

When Avahi receives a netlink message, it does not check if it originates from the kernel.

A local attacker can thus send netlink messages to Avahi, for example to lead a user to connect to a malicious computer.