The Avahi daemon in Avahi prior to 0.6.20 allows malicious users to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
Debian Bug report logs -
#508700
[CVE-2008-5081] avahi daemon DoS through zero source port
Package:
avahi-daemon;
Maintainer for avahi-daemon is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for avahi-daemon is src:avahi (PTS, buildd, popcon)
Reported by: Florian Weimer <fw@denebenyode ...
Emanuele Aina discovered that Avahi did not properly validate its input when
processing data over D-Bus A local attacker could send an empty TXT message
via D-Bus and cause a denial of service (failed assertion) This issue only
affected Ubuntu 606 LTS (CVE-2007-3372) ...
Two denial of service conditions were discovered in avahi, a Multicast
DNS implementation
Huge Dias discovered that the avahi daemon aborts with an assert error
if it encounters a UDP packet with source port 0 (CVE-2008-5081)
It was discovered that the avahi daemon aborts with an assert error if
it receives an empty TXT record over D-Bus (CVE-200 ...
Vulmon