CVE-2017-6519
avahi: Multicast DNS responds to unicast queries outside of local network
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
avahi-daemon en Avahi, hasta las versiones 0.6.32 y 0.7, responde a consultas IPv6 unicast arbitrarias de manera inadvertida con direcciones de origen que no se pueden resolver localmente, lo que permite a los atacantes remotos provocar una denegación de servicio (amplificación de tráfico) y puede conducir a una fuga de información, obteniendo información potencialmente sensible del dispositivo de respuesta mediante paquetes UDP del puerto 5353. NOTA: podría solaparse con CVE-2015-2809.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-07 CVE Reserved
- 2017-05-01 CVE Published
- 2024-08-01 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-346: Origin Validation Error
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://github.com/lathiat/avahi/issues/203#issuecomment-449536790 | Third Party Advisory | |
| https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | Mailing List | |
| https://www.secfu.net/advisories | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/lathiat/avahi/issues/203 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1426712 | 2020-03-31 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/3876-1 | 2023-11-07 | |
| https://usn.ubuntu.com/3876-2 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2017-6519 | 2020-03-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avahi Search vendor "Avahi" | Avahi Search vendor "Avahi" for product "Avahi" | <= 0.6.32 Search vendor "Avahi" for product "Avahi" and version " <= 0.6.32" | - |
Affected
| ||||||
| Avahi Search vendor "Avahi" | Avahi Search vendor "Avahi" for product "Avahi" | 0.7 Search vendor "Avahi" for product "Avahi" and version "0.7" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||