Package: avahi-daemon
Version: 0.8-5
Severity: important
Tags: security
Control: notfound -1 0.7-4+b1
Dear Maintainers,

I found another local denial-of-service vulnerability in avahi-daemon. It can be triggered by trying to resolve badly-formatted hostnames on the /run/avahi-daemon/socket interface (I stumbled upon it, accidentally trying to resolve an IP as a hostname...)

This time the daemon just dies, and this time buster is not affected.

Steps to reproduce:

$ (echo "RESOLVE-HOSTNAME a"; sleep 3;) | socat - /run/avahi-daemon/socket
$ ps -FC avahi-daemon

Same results for these queries: "a.", ".a", "a..b", ".b.c", "a.b.."

Note that every local user has access to the socket.

Yours
Thomas Kremer

-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (700, 'stable'), (500, 'oldoldstable'), (500, 'oldstable'), (450, 'testing'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages avahi-daemon depends on:
ii  adduser              3.118
ii  bind9-host [host]    1:9.11.5.P4+dfsg-5.1+deb10u3
ii  dbus                 1.12.20-0+deb10u1
ii  init-system-helpers  1.56+nmu1
ii  libavahi-common3     0.8-5
ii  libavahi-core7       0.8-5
ii  libc6                2.28-10
ii  libcap2              1:2.25-2
ii  libdaemon0           0.14-7
ii  libdbus-1-3          1.12.20-0+deb10u1
ii  libexpat1            2.2.6-2+deb10u1
ii  lsb-base             10.2019051400

Versions of packages avahi-daemon recommends:
ii  libnss-mdns  0.14.1-1

Versions of packages avahi-daemon suggests:
pn  avahi-autoipd  <none>

-- no debconf information