Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.FEDORA_2008-11351.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Fedora 10 : avahi-0.6.22-12.fc10 (2008-11351)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
5
JSON

This version includes five patches backported from the recently released 0.6.24 :

  • A trivial security fix for CVE-2008-5081, rhbz 475964. - A trivial fix for the threaded event loop, avahi bts #251 - A trivial fix unbreaking the --force-bind logic of avahi-autoipd, avahi bts #209 - A trivial fix to make sure we never end up with an invalid IP address in avahi-autoipd, avahi bts #231

  • A trivial change to include the host name of the sender when we receive bogus mDNS packets, rhbz #438013 All changes are ‘trivial’, i.e. very simple in nature.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2008-11351.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(37488);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2008-5081");
  script_xref(name:"FEDORA", value:"2008-11351");

  script_name(english:"Fedora 10 : avahi-0.6.22-12.fc10 (2008-11351)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This version includes five patches backported from the recently
released 0.6.24 :

  - A trivial security fix for CVE-2008-5081, rhbz 475964. -
    A trivial fix for the threaded event loop, avahi bts
    #251 - A trivial fix unbreaking the --force-bind logic
    of avahi-autoipd, avahi bts #209 - A trivial fix to make
    sure we never end up with an invalid IP address in
    avahi-autoipd, avahi bts #231

  - A trivial change to include the host name of the sender
    when we receive bogus mDNS packets, rhbz #438013 All
    changes are 'trivial', i.e. very simple in nature.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=475964"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018708.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ed1b7a4e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected avahi package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:avahi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC10", reference:"avahi-0.6.22-12.fc10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avahi");
}
VendorProductVersionCPE
fedoraprojectfedoraavahip-cpe:/a:fedoraproject:fedora:avahi
fedoraprojectfedora10cpe:/o:fedoraproject:fedora:10

Related

openvas 30
oraclelinux 1
cvelist 2
nessus 13
fedora 1
cve 2
seebug 2
gentoo 1
centos 1
securityvulns 2
prion 2
exploitpack 1
redhat 1
debiancve 2
ubuntucve 2
exploitdb 1
osv 1
debian 1
ubuntu 1
openvas
openvas
Fedora Core 10 FEDORA-2008-11351 (avahi)
2009-01-07 00:00:00
RedHat Security Advisory RHSA-2009:0013
2009-01-13 00:00:00
Avahi Denial of Service Vulnerability
2008-12-31 00:00:00
oraclelinux
oraclelinux
avahi security update
2009-01-12 00:00:00
cvelist
cvelist
CVE-2008-5081
2008-12-17 02:00:00
CVE-2010-2244
2010-07-07 18:00:00
nessus
nessus
Mandriva Linux Security Advisory : avahi (MDVSA-2009:031)
2009-04-23 00:00:00
RHEL 5 : avahi (RHSA-2009:0013)
2009-01-13 00:00:00
Scientific Linux Security Update : avahi on SL5.x i386/x86_64
2012-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: avahi-0.6.22-12.fc10
2009-01-07 09:33:13
cve
cve
CVE-2008-5081
2008-12-17 02:30:00
CVE-2010-2244
2010-07-08 12:54:00
seebug
seebug
Avahi &lt; 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit
2008-12-21 00:00:00
Avahi < 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit
2014-07-01 00:00:00
gentoo
gentoo
Avahi: Denial of service
2009-01-14 00:00:00
centos
centos
avahi security update
2009-01-14 00:46:56
securityvulns
securityvulns
Avahi multicast DNS server DoS
2008-12-23 00:00:00
[SECURITY] [DSA 1690-1] New avahi packages fix denial of service
2008-12-23 00:00:00
prion
prion
Design/Logic Flaw
2008-12-17 02:30:00
Design/Logic Flaw
2010-07-08 12:54:00
exploitpack
exploitpack
Avahi 0.6.24 - mDNS Daemon Remote Denial of Service
2008-12-19 00:00:00
redhat
redhat
(RHSA-2009:0013) Moderate: avahi security update
2009-01-12 00:00:00
debiancve
debiancve
CVE-2008-5081
2008-12-17 02:30:00
CVE-2010-2244
2010-07-08 12:54:00
ubuntucve
ubuntucve
CVE-2008-5081
2008-12-17 00:00:00
CVE-2010-2244
2010-07-08 00:00:00
exploitdb
exploitdb
Avahi &lt; 0.6.24 - mDNS Daemon Remote Denial of Service
2008-12-19 00:00:00
osv
osv
avahi - denial of service
2008-12-22 00:00:00
debian
debian
[SECURITY] [DSA 1690-1] New avahi packages fix denial of service
2008-12-22 06:53:20
ubuntu
ubuntu
Avahi vulnerabilities
2008-12-18 00:00:00
JSON
Related for FEDORA_2008-11351.NASL
openvas30oraclelinux1cvelist2nessus13fedora1cve2seebug2gentoo1centos1securityvulns2prion2exploitpack1redhat1debiancve2ubuntucve2exploitdb1osv1debian1ubuntu1