[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2010:0528-01 -- Redhat avahi

ID: oval:org.secpod.oval:def:500463Date: (C)2012-01-31   (M)2023-12-26
Class: PATCHFamily: unix




Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print to, and find shared files on other computers. A flaw was found in the way the Avahi daemon processed Multicast DNS packets with corrupted checksums. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to exit unexpectedly via specially-crafted mDNS packets. A flaw was found in the way avahi-daemon processed incoming unicast mDNS messages. If the mDNS reflector were enabled on a system, an attacker on the local network could send a specially-crafted unicast mDNS message to that system, resulting in its avahi-daemon flooding the network with a multicast packet storm, and consuming a large amount of CPU. Note: The mDNS reflector is disabled by default. All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, avahi-daemon will be restarted automatically.

Platform:
Red Hat Enterprise Linux 5
Product:
avahi
Reference:
RHSA-2010:0528-01
CVE-2009-0758
CVE-2010-2244
CVE    2
CVE-2009-0758
CVE-2010-2244
CPE    2
cpe:/a:avahi:avahi
cpe:/o:redhat:enterprise_linux:5

© SecPod Technologies