Vigil@nce - mDNS: information disclosure and DDos
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can query the mDNS service, in order to obtain
sensitive information about the network, or to amplify a denial of
service attack.
– Impacted products: Avahi, DNS, Synology DSM
– Severity: 2/4
– Creation date: 01/04/2015
DESCRIPTION OF THE VULNERABILITY
The mDNS (Multicast DNS) protocol allows local computers to
discover services available on their networks.
However, some mDNS implementations accept to reply to Unicast
queries coming from outside their network.
An attacker can therefore query the mDNS service, in order to
obtain sensitive information about the network, or to amplify a
denial of service attack.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/mDNS-information-disclosure-and-DDos-16510