Hi Michael,

* Michael Biebl <bi...@debian.org> [2009-03-19 17:53]:
> Rob Leslie wrote:
> > Package: avahi-daemon
> > Version: 0.6.23-3lenny1
> > Severity: important
> > Tags: patch
> >
> > The avahi-daemon reflector contains a bug that causes packet storms when
> > reflecting legacy unicast mDNS traffic. What happens is the reflector
> > forwards the initial multicast query onto the other interfaces, and then
> > receives it back from the same interfaces (IP_MULTICAST_LOOP) but doesn't
> > recognize it as the legacy unicast packet it just forwarded. It therefore
> > acts as though it were a separate query and forwards it back onto all the
> > other interfaces (including the original) and the process repeats ad
> > infinitum -- until the box locks up (I've had some automatically reboot via
> > watchdog) or if lucky the legacy unicast reflection slots that avahi-daemon
> > maintains will fill up and the storm will abate. A symptom of the latter
> > case is the syslog message "No slot available for legacy unicast reflection,
> > dropping query packet." (See also Avahi ticket #216 which seems to be
> > indicative of this problem.)
> >
> > The problem is that the originates_from_local_legacy_unicast_socket()
> > routine in avahi-core/server.c fails to take the network byte order of
> > .sin_port into account when examining incoming multicast packets. The
> > attached patch corrects this problem.
> >
>
> Hi Rob,
>
> thanks for the bug report and the patch.
>
> Looks like this is filed as CVE-2009-0758 [1]

Yes true, we already have that in the security tracker:
http://security-tracker.debian.net/tracker/CVE-2009-0758

> Nico, do you consider that important enough for a s-s-u upload?

As avahi is mostly used on end-user desktop machines and this
feature is switched off by default (and I don't expect
end-users and typical desktop users to switch it on) I'd say
no. I would be happy if you upload a fixed package to stable
and oldstable directly.

Please raise your voice if you have a different opinion about that!

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
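
The byte-order mistake described in the bug report above, shown as an added illustration that is not part of this thread and is not Avahi's code or the attached patch. The function names, the sample port and the slot count of 100 are assumptions made for the example; the reflector is reduced to a toy loop in which every looped-back copy that is not recognised as the daemon's own is forwarded again and takes one slot.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local address of the (hypothetical) legacy unicast socket, in the form
 * getsockname() returns it: sin_port is in network byte order. */
struct sockaddr_in local_socket_addr(uint16_t port_host) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port_host);
    return sa;
}

/* Flawed check: compares network-order sin_port with a host-order port. */
int from_own_socket_flawed(const struct sockaddr_in *lsa, uint16_t src_port_host) {
    return lsa->sin_port == src_port_host;
}

/* Corrected check: convert sin_port to host order before comparing. */
int from_own_socket_fixed(const struct sockaddr_in *lsa, uint16_t src_port_host) {
    return ntohs(lsa->sin_port) == src_port_host;
}

typedef int (*origin_check)(const struct sockaddr_in *, uint16_t);

/* Toy reflector: the forwarded query comes back (multicast loopback) with the
 * legacy socket's own port as its source. Returns how many times the query is
 * forwarded before the loop stops: recognised as our own, or slots used up. */
int count_forwards(origin_check is_own, uint16_t port_host, int slots) {
    struct sockaddr_in lsa = local_socket_addr(port_host);
    int forwards = 1;                    /* the legitimate first reflection */
    while (forwards < slots && !is_own(&lsa, port_host))
        forwards++;                      /* looped-back copy reflected again */
    return forwards;
}

int main(void) {
    uint16_t port = 0xC001;              /* constructed sample port (49153) */
    printf("flawed check: %d forwards\n",
           count_forwards(from_own_socket_flawed, port, 100));
    printf("fixed check:  %d forwards\n",
           count_forwards(from_own_socket_fixed, port, 100));
    return 0;
}
```

On a little-endian host the flawed check never matches for this port, so the loop only ends when the slots run out; on a big-endian host `htons()` is the identity and both checks agree, which is why a bug of this kind can pass testing on one architecture and fail on another.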