Debian Avahi vulnerabilities

CVE-2009-0758 [HIGH] CVE-2009-0758: avahi - The originates_from_local_legacy_unicast_socket function in avahi-core/server.c ... The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a mu

CVE-2008-5081 [MEDIUM] CVE-2008-5081: avahi - The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) i... The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. Scope: local bookworm: resolved (fixed in 0.6.23-3) bullseye: resolved (fixed in 0.6.23-3) forky: resol

CVE-2007-3372 [LOW] CVE-2007-3372: avahi - The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of se... The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. Scope: local bookworm: resolved (fixed in 0.6.20-2) bullseye: resolved (fixed in 0.6.20-2) forky: resolved (fixed in 0.6.20-2) sid: resolved (fixed in 0.6.20-2) trixie: resolved (fixed in 0.6.20-2)

CVE-2006-2289 [LOW] CVE-2006-2289: avahi - Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execu... Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. Scope: local bookworm: resolved (fixed in 0.6.10-1) bullseye: resolved (fixed in 0.6.10-1) forky: resolved (fixed in 0.6.10-1) sid: resolved (fixed in 0.6.10-1) trixie: resolved (fixed in 0.6.10-1)

CVE-2006-6870 [MEDIUM] CVE-2006-6870: avahi - The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows re... The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. Scope: local bookworm: resolved (fixed in 0.6.16-1) bullseye: resolved (fixed in 0.6.16-1) forky: resolved (fixed in 0.6.16-1) sid: resolved (fixed in 0.6.1

CVE-2006-2288 [LOW] CVE-2006-2288: avahi - Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD... Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. Scope: local bookworm: resolved (fixed in 0.6.10-1) bullseye: resolved (fixed in 0.6.10-1) forky: resolved (fixed in 0.6.10-1) sid: resolved (fixed in 0.6.10-1) trixie: resolved (fixed in 0.6.10-1)

CVE-2006-5461 [LOW] CVE-2006-5461: avahi - Avahi before 0.6.15 does not verify the sender identity of netlink messages to e... Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. Scope: local bookworm: resolved (fixed in 0.6.15-1) bullseye: resolved (fixed in 0.6.15-1) forky: resolved (fixed in 0.6.15-1) sid: resolved (fixed in 0.6.15-1) trixie: