CVE-2011-1002

Published: Feb 22, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Affected (45)

Products: Avahi: Avahi · Fedoraproject: Fedora · Redhat: Enterprise Linux · +2 more

Show all products

Avahi: Avahi · Fedoraproject: Fedora · Redhat: Enterprise Linux · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

1 product

1 product

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Avahi Avahi	Up to 0.6.28
Avahi Avahi	Version 0.1
Avahi Avahi	Version 0.2
Avahi Avahi	Version 0.3
Avahi Avahi	Version 0.4
Avahi Avahi	Version 0.5.1
Avahi Avahi	Version 0.5.2
Avahi Avahi	Version 0.5
Avahi Avahi	Version 0.6.10
Avahi Avahi	Version 0.6.11
Avahi Avahi	Version 0.6.12
Avahi Avahi	Version 0.6.13
Avahi Avahi	Version 0.6.14
Avahi Avahi	Version 0.6.15
Avahi Avahi	Version 0.6.16
Avahi Avahi	Version 0.6.17
Avahi Avahi	Version 0.6.18
Avahi Avahi	Version 0.6.19
Avahi Avahi	Version 0.6.1
Avahi Avahi	Version 0.6.20
Avahi Avahi	Version 0.6.21
Avahi Avahi	Version 0.6.22
Avahi Avahi	Version 0.6.23
Avahi Avahi	Version 0.6.24
Avahi Avahi	Version 0.6.25
Avahi Avahi	Version 0.6.26
Avahi Avahi	Version 0.6.27
Avahi Avahi	Version 0.6.2
Avahi Avahi	Version 0.6.3
Avahi Avahi	Version 0.6.4
Avahi Avahi	Version 0.6.5
Avahi Avahi	Version 0.6.6
Avahi Avahi	Version 0.6.7
Avahi Avahi	Version 0.6.8
Avahi Avahi	Version 0.6.9

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 15
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 9.10

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Related CWEs

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (62)

http://avahi.org/ticket/325

Source: secalert@redhat.com

Broken Link

http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6

Source: secalert@redhat.com

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Source: secalert@redhat.com

Third Party Advisory

http://openwall.com/lists/oss-security/2011/02/18/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://openwall.com/lists/oss-security/2011/02/18/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://osvdb.org/70948

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/43361

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/43465

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/43605

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/43673

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/44131

Source: secalert@redhat.com

Broken Link

http://ubuntu.com/usn/usn-1084-1

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2011/dsa-2174

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:037

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2011:040

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2011/02/22/9

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-0436.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2011-0779.html

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/bid/46446

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2011/0448

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://www.vupen.com/english/advisories/2011/0499

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://www.vupen.com/english/advisories/2011/0511

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0565

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0601

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0670

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0969

Source: secalert@redhat.com

Broken Link

http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/

Source: secalert@redhat.com

ExploitThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=667187

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/65524

Source: secalert@redhat.com

Not Applicable

https://exchange.xforce.ibmcloud.com/vulnerabilities/65525

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://avahi.org/ticket/325