Vigil@nce - Avahi: denial of service via DNS
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed DNS packet, in order to stop the
Avahi daemon.
Severity: 2/4
Creation date: 07/07/2010
DESCRIPTION OF THE VULNERABILITY
The Avahi daemon automatically process the network configuration
of the system.
The avahi_recv_dns_packet_ipv4/6() functions of the file
avahi-core/socket.c decode received UDP+DNS/mDNS (Multicast DNS)
packets.
When an attacker sends a packet with an invalid UDP checksum,
followed by a valid packet, the avahi_recv_dns_packet_ipv4/6()
functions use a null packet size, which generate an assertion
error.
An attacker can therefore send a malformed DNS packet, in order to
stop the Avahi daemon.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Avahi-denial-of-service-via-DNS-9742