ID CVE-2006-6870
Summary The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. This vulnerability is addressed in the following product release: Avahi, Avahi, 0.6.16
References
Vulnerable Configurations
  • cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 21881
confirm
fedora
  • FEDORA-2007-018
  • FEDORA-2007-019
mandriva MDKSA-2007:003
secunia
  • 23628
  • 23644
  • 23660
  • 23673
  • 23782
  • 24995
suse SUSE-SR:2007:007
ubuntu USN-402-1
vupen ADV-2007-0071
Last major update 08-03-2011 - 02:47
Published 31-12-2006 - 05:00
Last modified 08-03-2011 - 02:47
Back to Top