Rob Leslie wrote:
> Package: avahi-daemon
> Version: 0.6.23-3lenny1
> Severity: important
> Tags: patch
>
> The avahi-daemon reflector contains a bug that causes packet storms when
> reflecting legacy unicast mDNS traffic. What happens is the reflector
> forwards the initial multicast query onto the other interfaces, and then
> receives it back from the same interfaces (IP_MULTICAST_LOOP) but doesn't
> recognize it as the legacy unicast packet it just forwarded. It therefore
> acts as though it were a separate query and forwards it back onto all the
> other interfaces (including the original) and the process repeats ad
> infinitum -- until the box locks up (I've had some automatically reboot via
> watchdog) or if lucky the legacy unicast reflection slots that avahi-daemon
> maintains will fill up and the storm will abate. A symptom of the latter
> case is the syslog message "No slot available for legacy unicast reflection,
> dropping query packet." (See also Avahi ticket #216 which seems to be
> indicative of this problem.)
>
> The problem is that the originates_from_local_legacy_unicast_socket()
> routine in avahi-core/server.c fails to take the network byte order of
> .sin_port into account when examining incoming multicast packets. The
> attached patch corrects this problem.
>

Hi Rob,

thanks for the bug report and the patch.

Looks like this is filed as CVE-2009-0758 [1]

Nico, do you consider that important enough for a s-s-u upload?

Cheers,
Michael

[1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0758
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
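
An added illustration of the byte-order mistake described in the report above; it is not avahi's code and not the attached patch. The function names, the slot count and the port number are constructed for the example, and the loop is a toy model of the reflector re-forwarding its own looped-back query until the slots run out.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 8 /* constructed slot count, for illustration only */

typedef int (*port_check)(const struct sockaddr_in *, uint16_t);

/* What getsockname() reports for a socket bound to `port`:
 * sin_port is stored in network byte order. */
static struct sockaddr_in local_sockname(uint16_t port) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    return sa;
}

/* Flawed: compares network-order sin_port with a host-order port. */
static int from_local_buggy(const struct sockaddr_in *lsa, uint16_t port) {
    return lsa->sin_port == port;
}

/* Corrected: convert sin_port to host order before comparing. */
static int from_local_fixed(const struct sockaddr_in *lsa, uint16_t port) {
    return ntohs(lsa->sin_port) == port;
}

/* Toy reflector: each looped-back copy of our own forwarded query arrives
 * with our legacy unicast socket's port as its source port. If the check
 * does not recognise it, the copy takes a slot and is forwarded again. */
static int slots_used_by_own_traffic(port_check is_local, uint16_t port) {
    struct sockaddr_in lsa = local_sockname(port);
    int used = 1; /* the genuine query takes the first slot */
    while (used < SLOTS && !is_local(&lsa, port))
        used++; /* own packet mistaken for a new query */
    return used;
}

int main(void) {
    uint16_t port = 40000; /* constructed ephemeral port */
    printf("buggy check: %d/%d slots\n", slots_used_by_own_traffic(from_local_buggy, port), SLOTS);
    printf("fixed check: %d/%d slots\n", slots_used_by_own_traffic(from_local_fixed, port), SLOTS);
    return 0;
}
```

On a big-endian host the two byte orders coincide, so the flawed comparison happens to give the right answer there.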