FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1002

This CVE name corresponds to:

Entered Topic
2011-03-13 avahi -- denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-1002
Phase Assigned (20110214)

Description

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

References

Source Reference
MLIST [oss-security] 20110218 CVE request: avahi daemon remote denial of service by sending NULL UDP
MLIST [oss-security] 20110218 Re: CVE request: avahi daemon remote denial of service by sending NULL UDP
MLIST [oss-security] 20110222 Re: [oss-security] CVE request: avahi daemon remote denial of service by sending NULL UDP
MISC http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
CONFIRM http://avahi.org/ticket/325
CONFIRM http://git.0pointer.de/?p=avahi.git;a=commit;h=46109dfec75534fe270c0ab902576f685d5ab3a6
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=667187
DEBIAN DSA-2174
FEDORA FEDORA-2011-3033
MANDRIVA MDVSA-2011:037
MANDRIVA MDVSA-2011:040
REDHAT RHSA-2011:0436
REDHAT RHSA-2011:0779
SUSE SUSE-SR:2011:005
UBUNTU USN-1084-1
BID 46446
OSVDB 70948
SECUNIA 43361
SECUNIA 43465
SECUNIA 43605
SECUNIA 43673
SECUNIA 44131
VUPEN ADV-2011-0448
VUPEN ADV-2011-0499
VUPEN ADV-2011-0511
VUPEN ADV-2011-0565
VUPEN ADV-2011-0601
VUPEN ADV-2011-0670
VUPEN ADV-2011-0969
XF avahi-udp-dos(65524)
XF avahi-udp-packet-dos(65525)