133513 2006-05-16 10:36 0000 net-dns/avahi-0.6.10: DoS attack / arbitrary code execution 2006-05-17 04:46:03 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B1? [noglsa] DerCorny P2 major --- 1 swegener@gentoo.org security@gentoo.org swegener@gentoo.org 2006-05-16 10:36:25 0000 <net-dns/avahi-0.6.10 is vulnerable to the following: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2289 Didn't notice this as I bumped the ebuild to 0.6.10 dercorny@gentoo.org 2006-05-16 12:40:56 0000 sparc and x86, please test and stable - thanks Does this run as root? If not, this is probably only B3 gustavoz@gentoo.org 2006-05-16 12:46:07 0000 sparc stable. tsunam@gentoo.org 2006-05-16 21:51:11 0000 all done on x86 as well ^.^ jaervosz@gentoo.org 2006-05-16 22:30:11 0000 Thx Joshua, but please don't close security bugs. Time for GLSA decision. Impact is rather vague so I tend to vote NO. falco@gentoo.org 2006-05-17 02:32:58 0000 SA 20022 http://secunia.com/advisories/20022 shows details on the impact. i think the buffer overflow comes from these lines of code : http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/avahi-core/rr.c?rev=1209&view=diff&r1=1209&r2=1208&p1=trunk/avahi-core/rr.c&p2=/trunk/avahi-core/rr.c Remote exec of code is serious, but in this case, the official advisory says it is hardly remotely exploitable. http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi "We do not consider either of them major security threats. " "The buffer overflow is hard to exploit remotely, only local users can become the 'avahi' user. In addition the user is trapped inside a chroot() environment (at least on Linux). " Concerning the DoS issue (exploitable from a local network only), it is also possible to DoS avahi with inconsistent data. So the DoS issue is not very serious as for me. I vote NO. dercorny@gentoo.org 2006-05-17 04:46:03 0000 yet another no and closing. Of course, feel free to reopen if you disagree.