Avahi Buffer Overflow and Denial Of Service Vulnerabilities

Bugtraq ID:	17884
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	May 08 2006 12:00AM
Updated:	May 09 2006 07:54PM
Credit:	The vendor disclosed these vulnerabilities.
Vulnerable:	Avahi Avahi 0.6.9 Avahi Avahi 0.6.8 Avahi Avahi 0.6.7
Not Vulnerable:	Avahi Avahi 0.6.10

Avahi Buffer Overflow and Denial Of Service Vulnerabilities

Avahi is susceptible to multiple remote vulnerabilities.

A buffer-overflow vulnerability and denial-of-service vulnerability affect Avahi, and potentially allow remote attackers to execute arbitrary machine code and to crash the affected application.

Versions prior to 0.6.10 are vulnerable to these issues.

Avahi Buffer Overflow and Denial Of Service Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]

Avahi Buffer Overflow and Denial Of Service Vulnerabilities

Solution:
The vendor has released version 0.6.10 to address these issues; please see the reference section for further details.


Avahi Avahi 0.6.7

• Avahi avahi-0.6.10.tar.gz
  http://avahi.org/download/avahi-0.6.10.tar.gz

Avahi Avahi 0.6.8

• Avahi avahi-0.6.10.tar.gz
  http://avahi.org/download/avahi-0.6.10.tar.gz

Avahi Avahi 0.6.9

• Avahi avahi-0.6.10.tar.gz
  http://avahi.org/download/avahi-0.6.10.tar.gz

Avahi Buffer Overflow and Denial Of Service Vulnerabilities

References:

• 0.6.10 Milestone (Avahi)
  
• Avahi Homepage (Avahi)