oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Avahi daemon DoS (CVE-2008-5081)

From: Tomas Hoger <thoger () redhat com>
Date: Sun, 14 Dec 2008 11:32:26 +0100
Hi!

New avahi upstream release 0.6.24 was released on Friday.
  http://avahi.org/milestone/Avahi%200.6.24

Security issue mentioned in the DoS flaw reported by Hugo Dias.
Crafted mDNS packet with source port 0 can cause avahi-daemon to
abort() due to failed assertion assert(port > 0); in
originates_from_local_legacy_unicast_socket() function in
avahi-core/server.c.

Upstream commit:
http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=3093047f1aa36bed8a37fa79004bf0ee287929f4

CVE CVE-2008-5081 was assigned to this issue.

-- 
Tomas Hoger / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: