Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Avahi: denial of service via DNS

July 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can send a malformed DNS packet, in order to stop the
Avahi daemon.

Severity: 2/4

Creation date: 07/07/2010

DESCRIPTION OF THE VULNERABILITY

The Avahi daemon automatically process the network configuration
of the system.

The avahi_recv_dns_packet_ipv4/6() functions of the file
avahi-core/socket.c decode received UDP+DNS/mDNS (Multicast DNS)
packets.

When an attacker sends a packet with an invalid UDP checksum,
followed by a valid packet, the avahi_recv_dns_packet_ipv4/6()
functions use a null packet size, which generate an assertion
error.

An attacker can therefore send a malformed DNS packet, in order to
stop the Avahi daemon.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Avahi-denial-of-service-via-DNS-9742


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts