CVE-2009-0758
Summary
| CVE | CVE-2009-0758 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2009-03-03 16:30:00 UTC |
|---|
| Updated | 2010-08-12 14:13:00 UTC |
|---|
| Description | The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Debian -- Security Information -- DSA-2086-1 avahi |
DEBIAN |
www.debian.org |
|
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:002 |
SUSE |
lists.opensuse.org |
|
| #517683 - avahi-daemon: reflector creates packet storm on legacy unicast traffic - Debian Bug report logs |
MISC |
bugs.debian.org |
|
| Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability |
BID |
www.securityfocus.com |
|
| SUSE Update for Multiple Packages - Secunia.com |
SECUNIA |
secunia.com |
|
| Support / Security / Advisories / / MDVSA-2009:076 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| oss-security - CVE id request: avahi |
MLIST |
www.openwall.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2010-07-13 | Tomas Hoger | This issue has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0528.html. |
There are currently no legacy QID mappings associated with this CVE.
