Test Kennung:	1.3.6.1.4.1.25623.1.0.69366
Kategorie:	FreeBSD Local Security Checks
Titel:	avahi -- denial of service
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: avahi, avahi-app, avahi-autoipd, avahi-gtk, avahi-libdns, avahi-qt3, avahi-qt4, avahi-sharp CVE-2011-1002 avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. CVE-2010-2244 The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1002 BugTraq ID: 46446 http://www.securityfocus.com/bid/46446 Debian Security Information: DSA-2174 (Google Search) http://www.debian.org/security/2011/dsa-2174 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:037 http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/ http://openwall.com/lists/oss-security/2011/02/18/1 http://openwall.com/lists/oss-security/2011/02/18/4 http://www.openwall.com/lists/oss-security/2011/02/22/9 http://osvdb.org/70948 http://www.redhat.com/support/errata/RHSA-2011-0436.html http://www.redhat.com/support/errata/RHSA-2011-0779.html http://secunia.com/advisories/43361 http://secunia.com/advisories/43465 http://secunia.com/advisories/43605 http://secunia.com/advisories/43673 http://secunia.com/advisories/44131 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://ubuntu.com/usn/usn-1084-1 http://www.vupen.com/english/advisories/2011/0448 http://www.vupen.com/english/advisories/2011/0499 http://www.vupen.com/english/advisories/2011/0511 http://www.vupen.com/english/advisories/2011/0565 http://www.vupen.com/english/advisories/2011/0601 http://www.vupen.com/english/advisories/2011/0670 http://www.vupen.com/english/advisories/2011/0969 XForce ISS Database: avahi-udp-dos(65524) https://exchange.xforce.ibmcloud.com/vulnerabilities/65524 XForce ISS Database: avahi-udp-packet-dos(65525) https://exchange.xforce.ibmcloud.com/vulnerabilities/65525 Common Vulnerability Exposure (CVE) ID: CVE-2010-2244 Debian Security Information: DSA-2086 (Google Search) http://www.debian.org/security/2010/dsa-2086 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 http://www.openwall.com/lists/oss-security/2010/06/23/4 http://marc.info/?l=oss-security&m=127748459505200&w=2 http://www.securitytracker.com/id?1024200
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.