Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 355583 (CVE-2011-1002)

Summary: <net-dns/avahi-0.6.28-r1: Null UDP Packet DoS (CVE-2011-1002)
Product: Gentoo Security Reporter: Tim Sammut (RETIRED) <underling>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: eva, swegener
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 335885    

Description Tim Sammut (RETIRED) gentoo-dev 2011-02-19 16:20:27 UTC
From $URL:

A null UDP packet sent to avahi on port 5353 causes an infinite loop, 100% cpu, DOS. The patch for RBz Bug 607297 is what is causing this. I have posted a description to their Bz:

Changed 18 hours ago by lennart

    * status changed from new to closed
    * resolution set to fixed

Fixed in git.
Changed 18 hours ago by lennart

    * milestone set to Avahi 0.6.29
Comment 1 Sven Wegener gentoo-dev 2011-02-27 01:25:13 UTC
I've commited avahi-0.6.28-r1, containing the fix from avahi git.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-02-27 11:04:29 UTC
Sven, don't close security bugs please. We also need to stabilize the newer version. Any objections?
Comment 3 Sven Wegener gentoo-dev 2011-02-27 12:17:24 UTC
Sorry, I've jut closed it out of habbit. 0.6.28 is ready to go stable.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-02-27 17:14:01 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Agostino Sarubbo gentoo-dev 2011-02-27 17:26:38 UTC
pulled in: dev-libs/libdaemon-0.14-r1

any objection or prefer that we open a separate bug?
Comment 6 Agostino Sarubbo gentoo-dev 2011-02-28 13:02:19 UTC
from irc:
[14:00:06] <EvaSDK> ago: no objection, it should probably have gone stable long ago already :)

arches, please stable also =dev-libs/libdaemon-0.14-r1

amd64 ok
Comment 7 Andreas Schürch gentoo-dev 2011-02-28 14:41:07 UTC
I tested on x86 =net-dns/avahi-0.6.28-r1 as well as =dev-libs/libdaemon-0.14-r1.
Both look good to go here.
Comment 8 Markos Chandras (RETIRED) gentoo-dev 2011-02-28 18:44:56 UTC
amd64 done
Comment 9 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-01 17:24:16 UTC
ppc/ppc64 stable
Comment 10 Thomas Kahle (RETIRED) gentoo-dev 2011-03-02 08:47:39 UTC
x86 done. Thanks Andreas.
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-04 15:46:56 UTC
Stable for HPPA.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2011-03-05 12:17:08 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-03-05 21:14:23 UTC
Thanks, everyone.

GLSA Vote: Yes.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:03:25 UTC
CVE-2011-1002 (
  avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote
  attackers to cause a denial of service (infinite loop) via an empty mDNS (1)
  IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE: this vulnerability exists
  because of an incorrect fix for CVE-2010-2244.
Comment 15 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:46:33 UTC
Vote: YES. New GLSA request filed.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2011-10-22 16:32:32 UTC
This issue was resolved and addressed in
 GLSA 201110-17 at
by GLSA coordinator Tobias Heinlein (keytoaster).