5

CVE-2011-1002

Exploit
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AvahiAvahi Version <= 0.6.28
AvahiAvahi Version0.1
AvahiAvahi Version0.2
AvahiAvahi Version0.3
AvahiAvahi Version0.4
AvahiAvahi Version0.5
AvahiAvahi Version0.5.1
AvahiAvahi Version0.5.2
AvahiAvahi Version0.6.1
AvahiAvahi Version0.6.2
AvahiAvahi Version0.6.3
AvahiAvahi Version0.6.4
AvahiAvahi Version0.6.5
AvahiAvahi Version0.6.6
AvahiAvahi Version0.6.7
AvahiAvahi Version0.6.8
AvahiAvahi Version0.6.9
AvahiAvahi Version0.6.10
AvahiAvahi Version0.6.11
AvahiAvahi Version0.6.12
AvahiAvahi Version0.6.13
AvahiAvahi Version0.6.14
AvahiAvahi Version0.6.15
AvahiAvahi Version0.6.16
AvahiAvahi Version0.6.17
AvahiAvahi Version0.6.18
AvahiAvahi Version0.6.19
AvahiAvahi Version0.6.20
AvahiAvahi Version0.6.21
AvahiAvahi Version0.6.22
AvahiAvahi Version0.6.23
AvahiAvahi Version0.6.24
AvahiAvahi Version0.6.25
AvahiAvahi Version0.6.26
AvahiAvahi Version0.6.27
FedoraprojectFedora Version15
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version10.10
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.36% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Third Party Advisory
http://avahi.org/ticket/325
Broken Link
http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2011/02/18/1
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2011/02/18/4
Third Party Advisory
Mailing List
http://osvdb.org/70948
Broken Link
http://secunia.com/advisories/43361
Vendor Advisory
Broken Link
http://secunia.com/advisories/43465
Broken Link
http://secunia.com/advisories/43605
Broken Link
http://secunia.com/advisories/43673
Broken Link
http://secunia.com/advisories/44131
Broken Link
http://ubuntu.com/usn/usn-1084-1
Third Party Advisory
http://www.debian.org/security/2011/dsa-2174
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
Broken Link
http://www.openwall.com/lists/oss-security/2011/02/22/9
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2011-0436.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0779.html
Broken Link
http://www.securityfocus.com/bid/46446
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2011/0448
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2011/0499
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2011/0511
Broken Link
http://www.vupen.com/english/advisories/2011/0565
Broken Link
http://www.vupen.com/english/advisories/2011/0601
Broken Link
http://www.vupen.com/english/advisories/2011/0670
Broken Link
http://www.vupen.com/english/advisories/2011/0969
Broken Link
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=667187
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
Third Party Advisory
VDB Entry