[Pkg-utopia-maintainers] Bug#986018: avahi-daemon: local DoS (daemon dies) on badly formatted hostname query to /run/avahi-daemon/socket

Salvatore Bonaccorso carnil at debian.org
Fri Apr 16 07:57:17 BST 2021


Hi,

On Sat, Mar 27, 2021 at 11:48:08PM +0100, Thomas Kremer wrote:
> Package: avahi-daemon
> Version: 0.8-5
> Severity: important
> Tags: security
> Control: notfound -1 0.7-4+b1
> 
> Dear Maintainers,
> 
> I found another local denial-of-service vulnerability in avahi-daemon.
> It can be triggered by trying to resolve badly-formatted hostnames on
> the /run/avahi-daemon/socket interface (I stumbled upon it, accidentally
> trying to resolve an IP as a hostname...)
> This time the daemon just dies, and this time buster is not affected.
> 
> Steps to reproduce:
>   $ (echo "RESOLVE-HOSTNAME a"; sleep 3;) | socat - /run/avahi-daemon/socket
>   $ ps -FC avahi-daemon
> 
> Same results for these queries: "a.", ".a", "a..b", ".b.c", "a.b.."
> 
> Note that every local user has access to the socket.

This is now CVE-2021-3502.

Have you reported the issue to upstream?

Regards,
Salvatore


