Published: 31/12/2006 Updated: 08/03/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The consume_labels function in avahi-core/dns.c in Avahi prior to 0.6.16 allows remote malicious users to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

Vulnerable Product	Search on Vulmon	Subscribe to Product
avahi avahi 0.6.10
avahi avahi 0.6.11
avahi avahi 0.6.9
avahi avahi 0.6.14
avahi avahi 0.6.15
avahi avahi 0.6.12
avahi avahi 0.6.13
avahi avahi 0.6.7
avahi avahi 0.6.8

A flaw was discovered in Avahi’s handling of compressed DNS packets If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service ...

NVD-CWE-Other http://www.avahi.org/#December2006 http://www.avahi.org/changeset/1340 http://www.avahi.org/ticket/84 http://www.ubuntu.com/usn/usn-402-1 http://fedoranews.org/cms/node/2362 http://www.securityfocus.com/bid/21881 http://secunia.com/advisories/23628 http://secunia.com/advisories/23660 http://secunia.com/advisories/23673 http://secunia.com/advisories/23644 http://fedoranews.org/cms/node/2408 http://secunia.com/advisories/23782 http://www.novell.com/linux/security/advisories/2007_007_suse.html http://secunia.com/advisories/24995 http://www.mandriva.com/security/advisories?name=MDKSA-2007:003 http://www.vupen.com/english/advisories/2007/0071 https://usn.ubuntu.com/402-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-6870

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect