CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2009-0758 – avahi: remote DoS via legacy unicast mDNS queries
https://notcve.org/view.php?id=CVE-2009-0758
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. La función originates_from_local_legacy_unicast_socket en avahi-core/server.c en avahi-daemon v0.6.23 no tiene en cuenta la orden del byte de red de un numero de puerto cuando se esta procesando la llegada de paquetes multidifusión, lo que permite a atacantes remotos producir una denegación de servicio (agotamiento de ancho de banda y CPU) a través de un paquete de petición legada monodifusión mDNS que dispara una tormenta de paquetes multidifusión. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html http://secunia.com/advisories/38420 http://www.debian.org/security/2010/dsa-2086 http://www.mandriva.com/security/advisories?name=MDVSA-2009:076 http://www.openwall.com/lists/oss-security/2009/03/02/1 http://www.securityfocus.com/bid/33946 https://access.redhat.com/security/cve/CVE-2009-0758 https://bugzilla.redhat.com/show_bug.cgi?id=488314 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 95%CPEs: 30EXPL: 1CVE-2008-5081 – Avahi < 0.6.24 - mDNS Daemon Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-5081
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. La función originates_from_local_legacy_unicast_socket (avahi-core/server.c)en avahi-daemon en Avahi anterior a v0.6.24 permite a atacantes remotos producir una denegación de servicio (caída) a través de un paquete mDNS manipulado con un puerto de origen de 0, que dispara un fallo de evaluación. Avahi-daemon versions prior to 0.6.24 can be DoSd with an mDNS packet with a source port of 0. • https://www.exploit-db.com/exploits/7520 http://avahi.org/milestone/Avahi%200.6.24 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/33153 http://secunia.com/advisories/33220 http://secunia.com/advisories/33279 http://secunia.com/advisories/33475 http://security.gentoo.org/glsa/glsa-200901-11.xml http://www.debian.org/security/2008/dsa-1690 http://www.openwall.com/lists/oss-security/2008/12/14/1 http://www • CWE-399: Resource Management Errors •