[Pkg-utopia-maintainers] Bug#917047: avahi: CVE-2018-1000845: DNS amplification and reflection to spoofed addresses
Trent Lloyd
trent at lloyd.id.au
Sat Dec 22 01:30:03 GMT 2018
I have pushed a fix upstream for the issue here:
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
I have only performed basic validation so far, however the following
scapy query now fails:
send(IP(src="1.1.1.1",dst="DEST_IP")/UDP(sport=53,
dport=5353)/DNS(rd=1,qd=DNSQR(qtype="PTR", qname="_ssh._tcp.local.")))
And the following legitimate legacy unicast query still works:
dig HOSTNAME.local @DEST_IP -p 5353
Note that for the test scapy to work, you have to publish an _ssh._tcp
service, e.g. put the example ssh.service into /etc/avahi/services. To
avoid that, you can query for the machine's mdns hostname as an A record
instead.
send(IP(src="1.1.1.1",dst="DEST_IP")/UDP(sport=53,
dport=5353)/DNS(rd=1,qd=DNSQR(qtype="A", qname="HOSTNAME.local.")))
More information about the Pkg-utopia-maintainers
mailing list