[Pkg-utopia-maintainers] Bug#917047: avahi: CVE-2018-1000845: DNS amplification and reflection to spoofed addresses

Trent Lloyd trent at lloyd.id.au
Sat Dec 22 01:30:03 GMT 2018


I have pushed a fix upstream for the issue here:
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f

I have only performed basic validation so far, however the following 
scapy query now fails:
send(IP(src="1.1.1.1",dst="DEST_IP")/UDP(sport=53, 
dport=5353)/DNS(rd=1,qd=DNSQR(qtype="PTR", qname="_ssh._tcp.local.")))

And the following legitimate legacy unicast query still works:
dig HOSTNAME.local @DEST_IP -p 5353


Note that for the test scapy to work, you have to publish an _ssh._tcp 
service, e.g. put the example ssh.service into /etc/avahi/services. To 
avoid that, you can query for the machine's mdns hostname as an A record 
instead.
send(IP(src="1.1.1.1",dst="DEST_IP")/UDP(sport=53, 
dport=5353)/DNS(rd=1,qd=DNSQR(qtype="A", qname="HOSTNAME.local.")))



More information about the Pkg-utopia-maintainers mailing list