CVE-2011-1002
Published 2011-02-22
Priority: P4 · 31 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 29.36% (97.9th percentile)
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avahi | avahi | <= 0.6.28 | — |
Detection & IOCs (extracted from sources)
- Detect empty mDNS UDP packets (zero-length payload) sent to port 5353 on both IPv4 and IPv6 interfaces, which trigger the infinite loop in avahi-daemon
- Monitor avahi-daemon process for CPU spin / hung state following receipt of UDP traffic on port 5353, indicative of the infinite loop condition
- Vulnerability exists specifically because of an incorrect prior fix; systems patched for CVE-2010-2244 but running Avahi before 0.6.29 remain vulnerable
- Both IPv4 and IPv6 mDNS listeners on port 5353/udp are affected attack surfaces
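CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |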
Ubuntu
avahi vulnerability
vendor_ubuntu·2011-03-07
CVE-2011-1002 avahi vulnerability
Title: avahi vulnerability
Summary: An attacker could send crafted input to Avahi and cause it to hang.
It was discovered that Avahi incorrectly handled empty UDP packets. A
remote attacker could send a specially-crafted packet and cause Avahi to
hang, resulting in a denial of service.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
vendor_redhat·2011-01-04·CVSS 4.3
CVE-2011-1002 [MEDIUM] CWE-835 avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Debian
CVE-2011-1002: avahi - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attacke...
vendor_debian·2011·CVSS 4.3
CVE-2011-1002 [MEDIUM] CVE-2011-1002: avahi - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attacke...
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Scope: local
bookworm: resolved (fixed in 0.6.28-4)
bullseye: resolved (fixed in 0.6.28-4)
forky: resolved (fixed in 0.6.28-4)
sid: resolved (fixed in 0.6.28-4)
trixie: resolved (fixed in 0.6.28-4)
GHSA
GHSA-mqr3-725g-5qgw: avahi-core/socket
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2011-1002 [MEDIUM] CWE-835 GHSA-mqr3-725g-5qgw: avahi-core/socket
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
OSV
CVE-2011-1002: avahi-core/socket
osv·2011-02-22·CVSS 4.3
CVE-2011-1002 [MEDIUM] CVE-2011-1002: avahi-core/socket
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
No detection rules found.
No public exploits indexed.
Recorded Future
Top 16 Nmap Commands: Nmap Port Scan Cheat Sheet
blogs_recorded_future
# Nmap Commands: Top 16 Nmap Scan Techniques Explained
Nmap is one of the most popular network mappers in the infosec world. It’s utilized by cybersecurity professionals and newbies alike to audit and discover local and remote open ports, as well as hosts and network information.
Like many OSINT tools, Nmap stands out not only for being open-source but also for being free, multi-platform, and regularly updated each year. Plus, it's one of the most comprehensive tools available for scanning hosts, networks, and ports.
It includes a large set of options to enhance your scanning and mapping tasks, and brings with it an incredible community and comprehensive documentation to help you understand this tool from the very start. Nmap can be used to:
- Create a complete computer network map
- F
Bugzilla
CVE-2011-1002 avahi: avahi daemon remote DoS by sending NULL UDP (due incorrect CVE-2010-2244 fix) [fedora-all]
bugzilla·2011-02-23·CVSS 4.3
CVE-2011-1002 [MEDIUM] CVE-2011-1002 avahi: avahi daemon remote DoS by sending NULL UDP (due incorrect CVE-2010-2244 fix) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=667187
Ple
2011-02-22
Published