CVE-2009-0758

The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
avahiavahi-daemon
0.6.23
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
avahi
bookworm
0.8-10
fixed
bullseye
0.8-5+deb11u2
fixed
etch
no-dsa
sid
0.8-13
fixed
trixie
0.8-13
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
avahi
dapper
ignored
gutsy
ignored
hardy
Fixed 0.6.22-2ubuntu4.2
released
intrepid
ignored
jaunty
Fixed 0.6.23-4ubuntu4.1
released
karmic
not-affected
lucid
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
avahi
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
avahi-autoipd
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 15
0.6.32-3.7
fixed
avahi-compat-howl-devel
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 15
0.6.32-3.7
fixed
avahi-compat-mDNSResponder-devel
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 15
0.6.32-3.7
fixed
avahi-lang
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
avahi-utils
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libavahi-client3
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libavahi-client3-32bit
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libavahi-common3
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libavahi-common3-32bit
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libavahi-core7
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libavahi-devel
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libdns_sd
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 15
0.6.32-3.7
fixed
libdns_sd-32bit
suse enterprise sap 12 SP5
0.6.32-32.3.1
fixed
suse enterprise server 12
0.6.31-20.59
fixed
suse enterprise server 12 SP1
0.6.31-20.59
fixed
suse enterprise server 12 SP2
0.6.32-30.36
fixed
suse enterprise server 12 SP3
0.6.32-30.36
fixed
suse enterprise server 12 SP4
0.6.32-30.36
fixed
suse enterprise server 12 SP5
0.6.32-32.3.1
fixed
libhowl0
suse enterprise desktop 15
0.6.32-3.7
fixed
suse enterprise sap 15
0.6.32-3.7
fixed
suse enterprise server 15
0.6.32-3.7
fixed
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
http://secunia.com/advisories/38420
http://www.debian.org/security/2010/dsa-2086
http://www.mandriva.com/security/advisories?name=MDVSA-2009:076
http://www.openwall.com/lists/oss-security/2009/03/02/1
http://www.securityfocus.com/bid/33946
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
http://secunia.com/advisories/38420
http://www.debian.org/security/2010/dsa-2086
http://www.mandriva.com/security/advisories?name=MDVSA-2009:076
http://www.openwall.com/lists/oss-security/2009/03/02/1
http://www.securityfocus.com/bid/33946