FKIE_CVE-2006-6870

Vulnerability from fkie_nvd - Published: 2006-12-31 05:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
References
security@ubuntu.comhttp://fedoranews.org/cms/node/2362
security@ubuntu.comhttp://fedoranews.org/cms/node/2408
security@ubuntu.comhttp://secunia.com/advisories/23628
security@ubuntu.comhttp://secunia.com/advisories/23644
security@ubuntu.comhttp://secunia.com/advisories/23660
security@ubuntu.comhttp://secunia.com/advisories/23673
security@ubuntu.comhttp://secunia.com/advisories/23782
security@ubuntu.comhttp://secunia.com/advisories/24995
security@ubuntu.comhttp://www.avahi.org/#December2006Patch
security@ubuntu.comhttp://www.avahi.org/changeset/1340
security@ubuntu.comhttp://www.avahi.org/ticket/84Patch
security@ubuntu.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:003
security@ubuntu.comhttp://www.novell.com/linux/security/advisories/2007_007_suse.html
security@ubuntu.comhttp://www.securityfocus.com/bid/21881
security@ubuntu.comhttp://www.ubuntu.com/usn/usn-402-1
security@ubuntu.comhttp://www.vupen.com/english/advisories/2007/0071
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/cms/node/2362
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/cms/node/2408
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23628
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23644
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23660
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23673
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23782
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24995
af854a3a-2127-422b-91ae-364da2661108http://www.avahi.org/#December2006Patch
af854a3a-2127-422b-91ae-364da2661108http://www.avahi.org/changeset/1340
af854a3a-2127-422b-91ae-364da2661108http://www.avahi.org/ticket/84Patch
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:003
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_007_suse.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21881
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-402-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0071
Impacted products
Vendor Product Version
avahi avahi 0.6.7
avahi avahi 0.6.8
avahi avahi 0.6.9
avahi avahi 0.6.10
avahi avahi 0.6.11
avahi avahi 0.6.12
avahi avahi 0.6.13
avahi avahi 0.6.14
avahi avahi 0.6.15
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0D4625-24B2-4BF7-B32B-7BCC12C8BD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8266D64B-B067-413E-BDA7-4AB770D4F570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99BF964-2FC8-45B5-AD69-4790179B8AF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA79F96-1C98-49BE-8197-D52B8B6DEF24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF6E882-B66D-4B84-AFE7-D96B1B43E65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC5A8266-1859-45EB-9F16-BF0A5DE1A651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC2000C5-238B-43EF-B374-E7505CC61B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAC2B1B-C800-410D-8484-569675FFD484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6F264D-6E78-4E57-96F7-C8B86BDFBD95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n consume_labels en avahi-core/dns.c en Avahi before 0.6.16 permite a un atacante remoto provocar denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de respuestas DNS comprimidas manipuladas con una etiqueta que apunta as\u00ed misma."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nAvahi, Avahi, 0.6.16",
  "id": "CVE-2006-6870",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-31T05:00:00.000",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://fedoranews.org/cms/node/2362"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://fedoranews.org/cms/node/2408"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/23628"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/23644"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/23660"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/23673"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/23782"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/24995"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.avahi.org/#December2006"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.avahi.org/changeset/1340"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.avahi.org/ticket/84"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:003"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.securityfocus.com/bid/21881"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.ubuntu.com/usn/usn-402-1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.vupen.com/english/advisories/2007/0071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.avahi.org/#December2006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.avahi.org/changeset/1340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.avahi.org/ticket/84"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-402-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0071"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.