EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2025-2605)

🗓️ 31 Dec 2025 00:00:00Reported by TenableType

Avahi-daemon in EulerOS Virtualization 2.13.0 has fixed ports and predictable DNS IDs, enabling spoofing.

Reporter	Title	Published	Views	Family All 178
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for July 2025.	7 Aug 202508:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database	10 Nov 202522:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.	30 Jan 202617:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation	27 Apr 202610:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	11 Nov 202514:43	–	ibm
Tenable Nessus	Amazon Linux 2023 : avahi, avahi-autoipd, avahi-compat-howl (ALAS2023-2024-771)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : avahi (ALAS-2024-2704)	23 Dec 202400:00	–	nessus
Tenable Nessus	AlmaLinux 10 : avahi (ALSA-2025:16441)	9 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : avahi (ALSA-2025:7437)	21 May 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: avahi (CVE-2024-52616)	21 Feb 202500:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(281589);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/31");

  script_cve_id("CVE-2024-52615", "CVE-2024-52616");

  script_name(english:"EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2025-2605)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

    A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue
    simplifies attacks where malicious DNS responses are injected.(CVE-2024-52615)

    A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at
    startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing
    attacks, allowing attackers to guess transaction IDs.(CVE-2024-52616)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization avahi security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2025-2605
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c8f4a16d");
  script_set_attribute(attribute:"solution", value:
"Update the affected avahi packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-52616");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:avahi-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.13.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.13.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.13.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "avahi-libs-0.8-18.h3.eulerosv2r13"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avahi");
}

31 Dec 2025 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.3

EPSS0.00083

SSVC