[Pkg-utopia-maintainers] Bug#986018: avahi-daemon: local DoS (daemon dies) on badly formatted hostname query to /run/avahi-daemon/socket
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 16 07:57:17 BST 2021
Hi,
On Sat, Mar 27, 2021 at 11:48:08PM +0100, Thomas Kremer wrote:
> Package: avahi-daemon
> Version: 0.8-5
> Severity: important
> Tags: security
> Control: notfound -1 0.7-4+b1
>
> Dear Maintainers,
>
> I found another local denial-of-service vulnerability in avahi-daemon.
> It can be triggered by trying to resolve badly-formatted hostnames on
> the /run/avahi-daemon/socket interface (I stumbled upon it, accidentally
> trying to resolve an IP as a hostname...)
> This time the daemon just dies, and this time buster is not affected.
>
> Steps to reproduce:
> $ (echo "RESOLVE-HOSTNAME a"; sleep 3;) | socat - /run/avahi-daemon/socket
> $ ps -FC avahi-daemon
>
> Same results for these queries: "a.", ".a", "a..b", ".b.c", "a.b.."
>
> Note that every local user has access to the socket.

This is now CVE-2021-3502.

Have you reported the issue to upstream?

Regards,
Salvatore