Debian Security Advisory DSA 1690-1 (avahi) Network Vulnerability

Summary

The remote host is missing an update to avahi announced via advisory DSA 1690-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201690-1

Insight

Two denial of service conditions were discovered in avahi, a Multicast DNS implementation. Huge Dias discovered that the avahi daemon aborts with an assert error if it encounters a UDP packet with source port 0 (CVE-2008-5081). It was discovered that the avahi daemon aborts with an assert error if it receives an empty TXT record over D-Bus (CVE-2007-3372). For the stable distribution (etch), these problems have been fixed in version 0.6.16-3etch2. For the unstable distribution (sid), these problems have been fixed in version 0.6.23-3. We recommend that you upgrade your avahi packages.

Severity

Classification

CVE CVE-2007-3372, CVE-2008-5081
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 077-1 (squid)
Debian Security Advisory DSA 004-1 (nano)
Debian Security Advisory DSA 1111-2 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 062-1 (rxvt)
Debian Security Advisory DSA 114-1 (gnujsp)

Take action and discover your vulnerabilities