Mandriva Linux Security Advisory : avahi (MDVSA-2011:037)

NASLDB: Mandriva Linux Security Advisory : avahi (MDVSA-2011:037)

General

ID: 52454
Name: Mandriva Linux Security Advisory : avahi (MDVSA-2011:037)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A vulnerability has been found and corrected in avahi :

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows
remote attackers to cause a denial of service (infinite loop) via an
empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2010-2244
(CVE-2011-1002).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct this issue.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2011-1002
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2011/02/24
Plugin Release: 2011/02/25

Plugin

Version: 1.6
Filename: mandriva_MDVSA-2011-037.nasl
Filesize: 19976 bytes
MD5 Hash: 82ac0bbcb29bec06159568089b2675b0

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG