oss-sec mailing list archives
Avahi daemon DoS (CVE-2008-5081)
From: Tomas Hoger <thoger () redhat com>
Date: Sun, 14 Dec 2008 11:32:26 +0100
Hi! New avahi upstream release 0.6.24 was released on Friday. http://avahi.org/milestone/Avahi%200.6.24 Security issue mentioned in the DoS flaw reported by Hugo Dias. Crafted mDNS packet with source port 0 can cause avahi-daemon to abort() due to failed assertion assert(port > 0); in originates_from_local_legacy_unicast_socket() function in avahi-core/server.c. Upstream commit: http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=3093047f1aa36bed8a37fa79004bf0ee287929f4 CVE CVE-2008-5081 was assigned to this issue. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- Avahi daemon DoS (CVE-2008-5081) Tomas Hoger (Dec 14)