[Pkg-utopia-maintainers] Bug#517683: Bug#517683: avahi-daemon: reflector creates packet storm on legacy unicast traffic

Nico Golde nion at debian.org
Thu Mar 19 17:20:14 UTC 2009


Hi Michael,
* Michael Biebl <biebl at debian.org> [2009-03-19 17:53]:
> Rob Leslie wrote:
> > Package: avahi-daemon
> > Version: 0.6.23-3lenny1
> > Severity: important
> > Tags: patch
> > 
> > The avahi-daemon reflector contains a bug that causes packet storms when
> > reflecting legacy unicast mDNS traffic. What happens is the reflector
> > forwards the initial multicast query onto the other interfaces, and then
> > receives it back from the same interfaces (IP_MULTICAST_LOOP) but doesn't
> > recognize it as the legacy unicast packet it just forwarded. It therefore
> > acts as though it were a separate query and forwards it back onto all the
> > other interfaces (including the original) and the process repeats ad
> > infinitum -- until the box locks up (I've had some automatically reboot via
> > watchdog) or if lucky the legacy unicast reflection slots that avahi-daemon
> > maintains will fill up and the storm will abate. A symptom of the latter
> > case is the syslog message "No slot available for legacy unicast reflection,
> > dropping query packet." (See also Avahi ticket #216 which seems to be
> > indicative of this problem.)
> > 
> > The problem is that the originates_from_local_legacy_unicast_socket()
> > routine in avahi-core/server.c fails to take the network byte order of
> > .sin_port into account when examining incoming multicast packets. The
> > attached patch corrects this problem.
> > 
> 
> Hi Rob,
> 
> thanks for the bug report and the patch.
> 
> Looks like this is filed as CVE-2009-0758 [1]

Yes true, we already have that in the security tracker:
http://security-tracker.debian.net/tracker/CVE-2009-0758

> Nico, do you consider that important enough for a s-s-u upload?

As avahi is mostly used on end-user desktop machines and 
this feature is switched off by default (and I don't expect 
end-users and typical desktop users to switch it on) I'd say 
no. I would be happy if you upload a fixed package to stable 
and oldstable directly. Please raise your voice if you have 
a different opinion about that!

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20090319/27bc24b4/attachment.pgp 


More information about the Pkg-utopia-maintainers mailing list