Lucene search

[email protected]CVE-2009-0758

HistoryMar 03, 2009 - 4:30 p.m.

CVE-2009-0758

2009-03-0316:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve

avahi-daemon

denial of service

network security

vulnerability

7.1 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.033 Low

EPSS

Percentile

91.1%

JSON

The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.

CPENameOperatorVersion
avahi:avahi-daemonavahi avahi-daemoneq0.6.23

CPE	Name	Operator	Version
avahi:avahi-daemon	avahi avahi-daemon	eq	0.6.23

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683

lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html

secunia.com/advisories/38420

www.debian.org/security/2010/dsa-2086

www.mandriva.com/security/advisories?name=MDVSA-2009:076

www.openwall.com/lists/oss-security/2009/03/02/1

www.securityfocus.com/bid/33946

7.1 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.033 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2009-0758

nessus14 prion1 ubuntucve1 securityvulns3 openvas13 debiancve1 veracode1 gentoo1 oraclelinux1 redhat2 osv1 debian1 ubuntu1 centos1