Bug 12136 - CVE-2007-3372 in avahi
Summary: CVE-2007-3372 in avahi
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: avahi (show other bugs)
Version: unstable
Hardware: all Linux
: P2 normal
Assignee: Sergey Bolshakov
QA Contact: qa-sisyphus
URL: http://avahi.org/changeset/1482
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-25 18:03 MSD by Igor Zubkov
Modified: 2007-07-19 14:35 MSD (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Igor Zubkov 2007-06-25 18:03:13 MSD 
C secunia:

Emanuele Aina has reported a security issue in Avahi, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

The security issue is caused due to an "assert()" error when receiving empty TXT
data over D-Bus for registration. This can be exploited to terminate the Avahi
daemon by sending empty TXT data.

Ну и два репецта.
1) обновится до 0.6.20
2) или http://avahi.org/changeset/1482

p.s.: почему-то http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3372
говорит что такого CVE нет, хотя на secunia указано именно так.
Comment 1 Igor Zubkov 2007-07-19 14:35:43 MSD 
fixed. как в Сизифе, так и 4.0