Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 250913 (CVE-2008-5081) - net-dns/avahi <0.6.24 mDNS packet DoS (CVE-2008-5081)
Summary: net-dns/avahi <0.6.24 mDNS packet DoS (CVE-2008-5081)
Status: RESOLVED FIXED
Alias: CVE-2008-5081
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://avahi.org/milestone/Avahi%200....
Whiteboard: B3 [glsa]
Keywords:
: 251315 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-12-14 10:47 UTC by stupendoussteve
Modified: 2020-04-10 11:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description stupendoussteve 2008-12-14 10:47:54 UTC
Security issue mentioned in the DoS flaw reported by Hugo Dias.
Crafted mDNS packet with source port 0 can cause avahi-daemon to
abort() due to failed assertion assert(port > 0); in
originates_from_local_legacy_unicast_socket() function in
avahi-core/server.c.

Upstream commit:
http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=3093047f1aa36bed8a37fa79004bf0ee287929f4

Reproducible: Always
Comment 1 Sven Wegener gentoo-dev 2008-12-14 22:21:57 UTC
I just commited net-dns/avahi-0.6.24 to the tree.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-12-17 15:38:25 UTC
*** Bug 251315 has been marked as a duplicate of this bug. ***
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-12-17 15:39:58 UTC
Is i ok for stabling?
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-12-17 16:19:36 UTC
Arches, please test and mark stable:
=net-dns/avahi-0.6.24
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Markus Meier gentoo-dev 2008-12-17 20:07:45 UTC
amd64/x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-18 05:32:11 UTC
Stable for HPPA.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-18 17:38:30 UTC
ppc stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2008-12-18 17:43:19 UTC
ppc64 done.  the hooks for monodoc are in these avahi ebuilds now so we should
probably get a depend on monodoc and subsequent mono stablization no?
Comment 9 Brent Baude (RETIRED) gentoo-dev 2008-12-18 18:23:32 UTC
(In reply to comment #8)
> ppc64 done.  the hooks for monodoc are in these avahi ebuilds now so we should
> probably get a depend on monodoc and subsequent mono stablization no?
> 

bleh, tree was not totally synced...disregard previous comment
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2008-12-20 15:13:45 UTC
Stable on alpha.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2008-12-22 18:50:43 UTC
ia64/sparc stable
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-29 20:12:08 UTC
Ready for vote, I vote YES.
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-11 18:41:16 UTC
Yes, too. Request filed.
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-01-14 23:07:18 UTC
GLSA 200901-11