Denial of Service in Avahi Daemon 0.6.23 from Open Source Developer Avahi
CVE-2009-0758

Currently unrated

Key Information:

Vendor

Avahi

Status
Avahi-daemon
Vendor
CVE Published:
3 March 2009

What is CVE-2009-0758?

The avahi-daemon version 0.6.23 contains a vulnerability in the originates_from_local_legacy_unicast_socket function that fails to properly handle the network byte order of port numbers for incoming multicast packets. This oversight can be exploited by remote attackers who send specially crafted legacy unicast mDNS query packets. Such packets may initiate a multicast packet storm, leading to significant network bandwidth exhaustion and increased CPU consumption, ultimately resulting in a denial of service for legitimate users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2009/03/02/1
mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://www.debian.org/security/2010/dsa-2086
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.