Upstream information
CVE-2006-6870 at MITRE
Description
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
CVSS v2 Scores
| | National Vulnerability Database |
|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
SUSE Bugzilla entry:
232050 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4 | avahi-compat-howl-devel >= 0.6.23-11.32.1avahi-compat-mDNSResponder-devel >= 0.6.23-11.32.1libavahi-devel >= 0.6.23-11.32.1libhowl0 >= 0.6.23-11.32.1python-avahi >= 0.6.23-11.32.1
| Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA avahi-compat-howl-devel-0.6.23-11.32.1 |
| SUSE Linux Enterprise Micro 6.0 | avahi >= 0.8-4.6libavahi-client3 >= 0.8-4.6libavahi-common3 >= 0.8-4.6libavahi-core7 >= 0.8-4.6
| Patchnames:
SUSE Linux Enterprise Micro 6.0 GA avahi-0.8-4.6 |
| SUSE Linux Enterprise Server 11 SP1 | avahi >= 0.6.23-11.19.22avahi-lang >= 0.6.23-11.19.22avahi-utils >= 0.6.23-11.19.22libavahi-client3 >= 0.6.23-11.19.22libavahi-client3-32bit >= 0.6.23-11.19.22libavahi-client3-x86 >= 0.6.23-11.19.22libavahi-common3 >= 0.6.23-11.19.22libavahi-common3-32bit >= 0.6.23-11.19.22libavahi-common3-x86 >= 0.6.23-11.19.22libavahi-core5 >= 0.6.23-11.19.22libdns_sd >= 0.6.23-11.19.22libdns_sd-32bit >= 0.6.23-11.19.22libdns_sd-x86 >= 0.6.23-11.19.22
| Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA avahi-0.6.23-11.19.22 |
| SUSE Linux Enterprise Server 11 SP2 | avahi >= 0.6.23-11.19.22avahi-lang >= 0.6.23-11.19.22avahi-utils >= 0.6.23-11.19.22libavahi-client3 >= 0.6.23-11.19.22libavahi-client3-32bit >= 0.6.23-11.19.22libavahi-client3-x86 >= 0.6.23-11.19.22libavahi-common3 >= 0.6.23-11.19.22libavahi-common3-32bit >= 0.6.23-11.19.22libavahi-common3-x86 >= 0.6.23-11.19.22libavahi-core5 >= 0.6.23-11.19.22libdns_sd >= 0.6.23-11.19.22libdns_sd-32bit >= 0.6.23-11.19.22libdns_sd-x86 >= 0.6.23-11.19.22
| Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA avahi-0.6.23-11.19.22 |
| SUSE Linux Enterprise Server 11 SP3 | avahi >= 0.6.23-11.30.4avahi-lang >= 0.6.23-11.30.4avahi-utils >= 0.6.23-11.30.4libavahi-client3 >= 0.6.23-11.30.4libavahi-client3-32bit >= 0.6.23-11.30.4libavahi-client3-x86 >= 0.6.23-11.30.4libavahi-common3 >= 0.6.23-11.30.4libavahi-common3-32bit >= 0.6.23-11.30.4libavahi-common3-x86 >= 0.6.23-11.30.4libavahi-core5 >= 0.6.23-11.30.4libdns_sd >= 0.6.23-11.30.4libdns_sd-32bit >= 0.6.23-11.30.4libdns_sd-x86 >= 0.6.23-11.30.4
| Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA avahi-0.6.23-11.30.4 |
| SUSE Linux Enterprise Server 11 SP4 | avahi >= 0.6.23-11.32.1avahi-compat-howl-devel >= 0.6.23-11.32.1avahi-compat-mDNSResponder-devel >= 0.6.23-11.32.1avahi-lang >= 0.6.23-11.32.1avahi-utils >= 0.6.23-11.32.1libavahi-client3 >= 0.6.23-11.32.1libavahi-client3-32bit >= 0.6.23-11.32.1libavahi-client3-x86 >= 0.6.23-11.32.1libavahi-common3 >= 0.6.23-11.32.1libavahi-common3-32bit >= 0.6.23-11.32.1libavahi-common3-x86 >= 0.6.23-11.32.1libavahi-core5 >= 0.6.23-11.32.1libavahi-devel >= 0.6.23-11.32.1libdns_sd >= 0.6.23-11.32.1libdns_sd-32bit >= 0.6.23-11.32.1libdns_sd-x86 >= 0.6.23-11.32.1libhowl0 >= 0.6.23-11.32.1python-avahi >= 0.6.23-11.32.1
| Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA avahi-0.6.23-11.32.1
SUSE Linux Enterprise Software Development Kit 11 SP4 GA avahi-compat-howl-devel-0.6.23-11.32.1 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 05:21:34 2013
CVE page last modified: Sat Jun 15 20:48:27 2024
