Denial of Service in Avahi Daemon 0.6.23 from Open Source Developer Avahi
CVE-2009-0758

Currently unrated

Key Information:

Vendor

Avahi

CVE Published:
3 March 2009

What is CVE-2009-0758?

In avahi-daemon version 0.6.23, the originates_from_local_legacy_unicast_socket function does not properly handle the network byte order of port numbers when processing incoming multicast packets. Remote attackers can exploit this by sending specially crafted legacy unicast mDNS query packets. Such packets may initiate a multicast packet storm, exhausting network bandwidth and driving up CPU consumption, which results in a denial of service for legitimate users.
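The class of bug described above, shown as an added illustration that is not Avahi's source code: a port check that compares a network-order `sin_port` field against a host-order value, next to the corrected comparison. The function names and sample ports are hypothetical; 5353 is the standard mDNS port.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: address of a local socket bound to host_port.
 * sin_port is always stored in network byte order (big-endian). */
struct sockaddr_in make_local_sa(uint16_t host_port) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(host_port);
    return sa;
}

/* Flawed check: compares the raw network-order field with a host-order
 * port. On little-endian hosts 5353 (0x14E9) is stored as 0xE914, so a
 * packet from the local socket is not recognised as local. */
int is_local_port_flawed(const struct sockaddr_in *local, uint16_t src_port) {
    return local->sin_port == src_port;
}

/* Corrected check: convert to host order before comparing. */
int is_local_port_fixed(const struct sockaddr_in *local, uint16_t src_port) {
    return ntohs(local->sin_port) == src_port;
}

int main(void) {
    /* Constructed sample ports: 5353 is the mDNS port; 257 (0x0101) reads
     * the same in both byte orders, so it hides the bug during testing. */
    const uint16_t ports[] = { 5353, 257 };
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        struct sockaddr_in sa = make_local_sa(ports[i]);
        printf("port %u: flawed=%d fixed=%d\n", (unsigned)ports[i],
               is_local_port_flawed(&sa, ports[i]),
               is_local_port_fixed(&sa, ports[i]));
    }
    return 0;
}
```

On big-endian hosts both checks agree, which is why a regression test for this kind of bug should run on a little-endian target with a byte-asymmetric port.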

Timeline

  • Vulnerability published

  • Vulnerability Reserved
