Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_11_0_AVAHI-100119.NASL
HistoryFeb 02, 2010 - 12:00 a.m.

openSUSE Security Update : avahi (avahi-1832)

2010-02-0200:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
19
JSON

The avahi-daemon reflector could cause packet storms when reflecting legacy unicast mDNS traffic (CVE-2009-0758).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update avahi-1832.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(44361);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-0758");

  script_name(english:"openSUSE Security Update : avahi (avahi-1832)");
  script_summary(english:"Check for the avahi-1832 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The avahi-daemon reflector could cause packet storms when reflecting
legacy unicast mDNS traffic (CVE-2009-0758)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=480865"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected avahi packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:avahi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:avahi-compat-howl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:avahi-compat-mDNSResponder-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:avahi-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:avahi-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:avahi-utils-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-client3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-client3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-common3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-common3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-core5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-glib-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-glib1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-glib1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-gobject-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-gobject0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavahi-ui0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdns_sd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdns_sd-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libhowl0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-avahi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"avahi-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"avahi-compat-howl-devel-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"avahi-compat-mDNSResponder-devel-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"avahi-lang-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"avahi-utils-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"avahi-utils-gtk-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-client3-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-common3-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-core5-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-devel-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-glib-devel-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-glib1-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-gobject-devel-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-gobject0-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libavahi-ui0-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libdns_sd-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libhowl0-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"python-avahi-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libavahi-client3-32bit-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libavahi-common3-32bit-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libavahi-glib1-32bit-0.6.22-68.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libdns_sd-32bit-0.6.22-68.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "avahi / avahi-compat-howl-devel / avahi-compat-mDNSResponder-devel / etc");
}
VendorProductVersionCPE
novellopensuseavahip-cpe:/a:novell:opensuse:avahi
novellopensuseavahi-compat-howl-develp-cpe:/a:novell:opensuse:avahi-compat-howl-devel
novellopensuseavahi-compat-mdnsresponder-develp-cpe:/a:novell:opensuse:avahi-compat-mdnsresponder-devel
novellopensuseavahi-langp-cpe:/a:novell:opensuse:avahi-lang
novellopensuseavahi-utilsp-cpe:/a:novell:opensuse:avahi-utils
novellopensuseavahi-utils-gtkp-cpe:/a:novell:opensuse:avahi-utils-gtk
novellopensuselibavahi-client3p-cpe:/a:novell:opensuse:libavahi-client3
novellopensuselibavahi-client3-32bitp-cpe:/a:novell:opensuse:libavahi-client3-32bit
novellopensuselibavahi-common3p-cpe:/a:novell:opensuse:libavahi-common3
novellopensuselibavahi-common3-32bitp-cpe:/a:novell:opensuse:libavahi-common3-32bit
Rows per page:
1-10 of 231

Related

nessus 13
securityvulns 3
openvas 13
debiancve 1
prion 1
ubuntucve 1
cve 1
gentoo 1
veracode 1
centos 1
redhat 2
osv 1
oraclelinux 1
debian 1
ubuntu 1
nessus
nessus
SuSE 10 Security Update : avahi (ZYPP Patch Number 6787)
2011-01-27 00:00:00
SuSE 10 Security Update : avahi (ZYPP Patch Number 6790)
2010-10-11 00:00:00
GLSA-200904-10 : Avahi: Denial of Service
2009-04-11 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:076 ] avahi
2009-03-17 00:00:00
Avahi multicast DNS server DoS
2009-03-17 00:00:00
[SECURITY] [DSA 2086-1] New avahi packages fix denial of service
2010-08-05 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:076 (avahi)
2009-03-20 00:00:00
Gentoo Security Advisory GLSA 200904-10 (avahi)
2009-04-15 00:00:00
Mandrake Security Advisory MDVSA-2009:076 (avahi)
2009-03-20 00:00:00
debiancve
debiancve
CVE-2009-0758
2009-03-03 16:30:00
prion
prion
Code injection
2009-03-03 16:30:00
ubuntucve
ubuntucve
CVE-2009-0758
2009-03-03 00:00:00
cve
cve
CVE-2009-0758
2009-03-03 16:30:00
gentoo
gentoo
Avahi: Denial of service
2009-04-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:23
centos
centos
avahi security update
2010-07-14 22:38:14
redhat
redhat
(RHSA-2010:0528) Moderate: avahi security update
2010-07-13 00:00:00
(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update
2010-08-19 00:00:00
osv
osv
avahi - denial of service
2010-08-04 00:00:00
oraclelinux
oraclelinux
avahi security update
2010-07-13 00:00:00
debian
debian
[SECURITY] [DSA 2086-1] New avahi packages fix denial of service
2010-08-04 02:48:28
ubuntu
ubuntu
Avahi vulnerabilities
2010-09-29 00:00:00
JSON
Related for SUSE_11_0_AVAHI-100119.NASL
nessus13securityvulns3openvas13debiancve1prion1ubuntucve1cve1gentoo1veracode1centos1redhat2osv1oraclelinux1debian1ubuntu1