Published: 17/12/2008 Updated: 29/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi prior to 0.6.24 allows remote malicious users to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
avahi avahi 0.6.16
avahi avahi 0.6.15
avahi avahi 0.6.7
avahi avahi 0.6.6
avahi avahi 0.5.1
avahi avahi 0.5
avahi avahi 0.6.20
avahi avahi 0.6.19
avahi avahi 0.6.12
avahi avahi 0.6.11
avahi avahi 0.6.10
avahi avahi 0.6.3
avahi avahi 0.6.2
avahi avahi 0.2
avahi avahi 0.1
avahi avahi 0.6.22
avahi avahi 0.6.21
avahi avahi 0.6.14
avahi avahi 0.6.13
avahi avahi 0.6.5
avahi avahi 0.6.4
avahi avahi 0.4
avahi avahi 0.3
avahi avahi 0.6.18
avahi avahi 0.6.17
avahi avahi 0.6.9
avahi avahi 0.6.8
avahi avahi 0.6.1
avahi avahi 0.5.2
avahi avahi

Synopsis Moderate: avahi security update Type/Severity Security Advisory: Moderate Topic Updated avahi packages that fix a security issue are now available for RedHat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...

Debian Bug report logs - #508700 [CVE-2008-5081] avahi daemon DoS through zero source port Package: avahi-daemon; Maintainer for avahi-daemon is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for avahi-daemon is src:avahi (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode ...

Emanuele Aina discovered that Avahi did not properly validate its input when processing data over D-Bus A local attacker could send an empty TXT message via D-Bus and cause a denial of service (failed assertion) This issue only affected Ubuntu 606 LTS (CVE-2007-3372) ...

Two denial of service conditions were discovered in avahi, a Multicast DNS implementation Huge Dias discovered that the avahi daemon aborts with an assert error if it encounters a UDP packet with source port 0 (CVE-2008-5081) It was discovered that the avahi daemon aborts with an assert error if it receives an empty TXT record over D-Bus (CVE-200 ...

/* * cve-2008-5081c * * Avahi mDNS Daemon Remote DoS < 0624 * Jon Oberheide <jon@oberheideorg> * jonoberheideorg * * Usage: * * gcc cve-2008-5081c -ldnet -o cve-2008-5081 * /cve-2008-5081 1234 * * Information: * * cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2008-5081 * * Crafted mDNS pa ...

Avahi mDNS daemon versions below 0624 remote denial of service exploit ...

CWE-399 http://avahi.org/milestone/Avahi%200.6.24 http://www.openwall.com/lists/oss-security/2008/12/14/1 http://www.securityfocus.com/bid/32825 http://www.ubuntu.com/usn/usn-696-1 http://secunia.com/advisories/33279 http://www.debian.org/security/2008/dsa-1690 http://secunia.com/advisories/33220 http://security.gentoo.org/glsa/glsa-200901-11.xml http://secunia.com/advisories/33153 http://secunia.com/advisories/33475 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html https://www.exploit-db.com/exploits/7520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9987 https://access.redhat.com/errata/RHSA-2009:0013 https://usn.ubuntu.com/696-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/7520/

CVE-2008-5081

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect