CVE-2011-1002

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
References
Link Resource
http://avahi.org/ticket/325 Broken Link
http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html Third Party Advisory
http://openwall.com/lists/oss-security/2011/02/18/1 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2011/02/18/4 Mailing List Third Party Advisory
http://osvdb.org/70948 Broken Link
http://secunia.com/advisories/43361 Broken Link Vendor Advisory
http://secunia.com/advisories/43465 Broken Link
http://secunia.com/advisories/43605 Broken Link
http://secunia.com/advisories/43673 Broken Link
http://secunia.com/advisories/44131 Broken Link
http://ubuntu.com/usn/usn-1084-1 Third Party Advisory
http://www.debian.org/security/2011/dsa-2174 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 Broken Link
http://www.openwall.com/lists/oss-security/2011/02/22/9 Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0436.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0779.html Broken Link
http://www.securityfocus.com/bid/46446 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0448 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0499 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2011/0511 Broken Link
http://www.vupen.com/english/advisories/2011/0565 Broken Link
http://www.vupen.com/english/advisories/2011/0601 Broken Link
http://www.vupen.com/english/advisories/2011/0670 Broken Link
http://www.vupen.com/english/advisories/2011/0969 Broken Link
http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=667187 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 Third Party Advisory VDB Entry
Configurations

Configuration 1

OR cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.1:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.2:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.3:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.4:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.5:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.16:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.17:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.18:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.19:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.20:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.21:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.22:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.23:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.24:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.25:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.26:*:*:*:*:*:*:*
cpe:2.3:a:avahi:avahi:0.6.27:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:25

Type Values Removed Values Added
References () http://avahi.org/ticket/325 - Broken Link () http://avahi.org/ticket/325 - Broken Link
References () http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 - Broken Link () http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 - Broken Link
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html - Mailing List, Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - Third Party Advisory
References () http://openwall.com/lists/oss-security/2011/02/18/1 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2011/02/18/1 - Mailing List, Third Party Advisory
References () http://openwall.com/lists/oss-security/2011/02/18/4 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2011/02/18/4 - Mailing List, Third Party Advisory
References () http://osvdb.org/70948 - Broken Link () http://osvdb.org/70948 - Broken Link
References () http://secunia.com/advisories/43361 - Broken Link, Vendor Advisory () http://secunia.com/advisories/43361 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/43465 - Broken Link () http://secunia.com/advisories/43465 - Broken Link
References () http://secunia.com/advisories/43605 - Broken Link () http://secunia.com/advisories/43605 - Broken Link
References () http://secunia.com/advisories/43673 - Broken Link () http://secunia.com/advisories/43673 - Broken Link
References () http://secunia.com/advisories/44131 - Broken Link () http://secunia.com/advisories/44131 - Broken Link
References () http://ubuntu.com/usn/usn-1084-1 - Third Party Advisory () http://ubuntu.com/usn/usn-1084-1 - Third Party Advisory
References () http://www.debian.org/security/2011/dsa-2174 - Third Party Advisory () http://www.debian.org/security/2011/dsa-2174 - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 - Broken Link
References () http://www.openwall.com/lists/oss-security/2011/02/22/9 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2011/02/22/9 - Mailing List, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2011-0436.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-0436.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2011-0779.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-0779.html - Broken Link
References () http://www.securityfocus.com/bid/46446 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/46446 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2011/0448 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2011/0448 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0499 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2011/0499 - Broken Link, Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0511 - Broken Link () http://www.vupen.com/english/advisories/2011/0511 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0565 - Broken Link () http://www.vupen.com/english/advisories/2011/0565 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0601 - Broken Link () http://www.vupen.com/english/advisories/2011/0601 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0670 - Broken Link () http://www.vupen.com/english/advisories/2011/0670 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0969 - Broken Link () http://www.vupen.com/english/advisories/2011/0969 - Broken Link
References () http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ - Exploit, Third Party Advisory () http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ - Exploit, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=667187 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=667187 - Issue Tracking, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 - Not Applicable () https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 - Not Applicable
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 - Third Party Advisory, VDB Entry

22 Dec 2023, 18:19

Type Values Removed Values Added
CWE CWE-399 CWE-835
CPE cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
First Time Canonical ubuntu Linux
Fedoraproject fedora
Fedoraproject
Redhat enterprise Linux
Canonical
Redhat
Debian debian Linux
Debian
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=667187 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=667187 - Issue Tracking, Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2011/0670 - (VUPEN) http://www.vupen.com/english/advisories/2011/0670 - Broken Link
References (BID) http://www.securityfocus.com/bid/46446 - (BID) http://www.securityfocus.com/bid/46446 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 - (MISC) http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0779.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0779.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/43465 - (SECUNIA) http://secunia.com/advisories/43465 - Broken Link
References (UBUNTU) http://ubuntu.com/usn/usn-1084-1 - (UBUNTU) http://ubuntu.com/usn/usn-1084-1 - Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2011/0448 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2011/0448 - Broken Link, Vendor Advisory
References (MISC) http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ - (MISC) http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ - Exploit, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/43673 - (SECUNIA) http://secunia.com/advisories/43673 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 - Broken Link
References (MLIST) http://openwall.com/lists/oss-security/2011/02/18/1 - (MLIST) http://openwall.com/lists/oss-security/2011/02/18/1 - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/43361 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/43361 - Broken Link, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2011/02/22/9 - (MLIST) http://www.openwall.com/lists/oss-security/2011/02/22/9 - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/44131 - (SECUNIA) http://secunia.com/advisories/44131 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 - Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2011/0565 - (VUPEN) http://www.vupen.com/english/advisories/2011/0565 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2011/0499 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2011/0499 - Broken Link, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2011/0511 - (VUPEN) http://www.vupen.com/english/advisories/2011/0511 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0436.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0436.html - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 - Not Applicable
References (VUPEN) http://www.vupen.com/english/advisories/2011/0601 - (VUPEN) http://www.vupen.com/english/advisories/2011/0601 - Broken Link
References (SECUNIA) http://secunia.com/advisories/43605 - (SECUNIA) http://secunia.com/advisories/43605 - Broken Link
References (CONFIRM) http://avahi.org/ticket/325 - (CONFIRM) http://avahi.org/ticket/325 - Broken Link
References (OSVDB) http://osvdb.org/70948 - (OSVDB) http://osvdb.org/70948 - Broken Link
References (DEBIAN) http://www.debian.org/security/2011/dsa-2174 - (DEBIAN) http://www.debian.org/security/2011/dsa-2174 - Third Party Advisory
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html - Mailing List, Third Party Advisory
References (MLIST) http://openwall.com/lists/oss-security/2011/02/18/4 - (MLIST) http://openwall.com/lists/oss-security/2011/02/18/4 - Mailing List, Third Party Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2011/0969 - (VUPEN) http://www.vupen.com/english/advisories/2011/0969 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 - Broken Link

07 Nov 2023, 02:06

Type Values Removed Values Added
Summary avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Information

Published : 2011-02-22 19:00

Updated : 2024-11-21 01:25


NVD link : CVE-2011-1002

Mitre link : CVE-2011-1002

CVE.ORG link : CVE-2011-1002



Products Affected

redhat

  • enterprise_linux

canonical

  • ubuntu_linux

avahi

  • avahi

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')