ID CVE-2007-3372
Summary The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
References
Vulnerable Configurations
  • Avahi 0.6.19
    cpe:2.3:a:avahi:avahi:0.6.19
CVSS
Base: 2.1 (as of 25-06-2007 - 22:52)
Impact:
Exploitability:
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_AVAHI-3845.NASL
    description Local attackers could send empty TXT data via D-BUS, causing the avahi daemon to exit. CVE-2007-3372 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29383
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29383
    title SuSE 10 Security Update : avahi (ZYPP Patch Number 3845)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1690.NASL
    description Two denial of service conditions were discovered in avahi, a Multicast DNS implementation. Hugo Dias discovered that the avahi daemon aborts with an assert error if it encounters a UDP packet with source port 0 (CVE-2008-5081). It was discovered that the avahi daemon aborts with an assert error if it receives an empty TXT record over D-Bus (CVE-2007-3372).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35253
    published 2008-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35253
    title Debian DSA-1690-1 : avahi - assert errors
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-185.NASL
    description The Avahi daemon in 0.6.20 and previous allows attackers to cause a denial of service via empty TXT data over D-Bus, which triggers an assert error. Updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 26105
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26105
    title Mandrake Linux Security Advisory : avahi (MDKSA-2007:185)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-696-1.NASL
    description Emanuele Aina discovered that Avahi did not properly validate its input when processing data over D-Bus. A local attacker could send an empty TXT message via D-Bus and cause a denial of service (failed assertion). This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3372) Hugo Dias discovered that Avahi did not properly verify its input when processing mDNS packets. A remote attacker could send a crafted mDNS packet and cause a denial of service (assertion failure). (CVE-2008-5081). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 36657
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36657
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : avahi vulnerabilities (USN-696-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_AVAHI-3846.NASL
    description Local attackers could send empty TXT data via D-BUS, causing the avahi daemon to exit. CVE-2007-3372 has been assigned to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27162
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27162
    title openSUSE 10 Security Update : avahi (avahi-3846)
refmap via4
bid 24614
bugtraq 20070628 FLEA-2007-0030-1: avahi avahi-glib avahi-sharp
confirm
debian DSA-1690
mandriva MDKSA-2007:185
osvdb 37507
sectrack 1018706
secunia
  • 25811
  • 26083
  • 26791
  • 33220
  • 33279
suse SUSE-SR:2007:014
ubuntu USN-696-1
vupen ADV-2007-2317
xf avahi-assert-dos(35036)
statements via4
contributor Mark J Cox
lastmodified 2009-01-08
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 5.
Last major update 30-10-2012 - 22:38
Published 22-06-2007 - 17:30
Last modified 16-10-2018 - 12:48