ID CVE-2006-6870
Summary The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
References
Vulnerable Configurations
  • Avahi 0.6.10
    cpe:2.3:a:avahi:avahi:0.6.10
  • Avahi 0.6.11
    cpe:2.3:a:avahi:avahi:0.6.11
  • Avahi 0.6.12
    cpe:2.3:a:avahi:avahi:0.6.12
  • Avahi 0.6.13
    cpe:2.3:a:avahi:avahi:0.6.13
  • Avahi 0.6.14
    cpe:2.3:a:avahi:avahi:0.6.14
  • Avahi 0.6.15
    cpe:2.3:a:avahi:avahi:0.6.15
  • Avahi 0.6.7
    cpe:2.3:a:avahi:avahi:0.6.7
  • Avahi 0.6.8
    cpe:2.3:a:avahi:avahi:0.6.8
  • Avahi 0.6.9
    cpe:2.3:a:avahi:avahi:0.6.9
CVSS
Base: 5.0 (as of 04-01-2007 - 20:48)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_AVAHI-2986.NASL
    description This update fixes a remote denial of service problem in avahi, where attackers could cause an endless loop. (CVE-2006-6870)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29382
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29382
    title SuSE 10 Security Update : avahi (ZYPP Patch Number 2986)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-019.NASL
    description This update shoul fix CVE-2006-6870 reported in #221440. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24186
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24186
    title Fedora Core 6 : avahi-0.6.16-1.fc6 (2007-019)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-018.NASL
    description avahi-0.6.11-3.fc5 should fix CVE-2006-6870 - the consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24185
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24185
    title Fedora Core 5 : avahi-0.6.11-3.fc5 (2007-018)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_AVAHI-2982.NASL
    description This update fixes a remote denial of service problem in avahi, where attackers could cause an endless loop. (CVE-2006-6870)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27161
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27161
    title openSUSE 10 Security Update : avahi (avahi-2982)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-402-1.NASL
    description A flaw was discovered in Avahi's handling of compressed DNS packets. If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27990
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27990
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : avahi vulnerability (USN-402-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-003.NASL
    description The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. Updated packages are patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24620
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24620
    title Mandrake Linux Security Advisory : avahi (MDKSA-2007:003)
refmap via4
bid 21881
confirm
fedora
  • FEDORA-2007-018
  • FEDORA-2007-019
mandriva MDKSA-2007:003
secunia
  • 23628
  • 23644
  • 23660
  • 23673
  • 23782
  • 24995
suse SUSE-SR:2007:007
ubuntu USN-402-1
vupen ADV-2007-0071
Last major update 07-03-2011 - 21:47
Published 31-12-2006 - 00:00
Back to Top