Avahi未授权数据操作漏洞

漏洞信息详情

Avahi未授权数据操作漏洞

• CNNVD编号：CNNVD-200611-210
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2006-5461
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2006-11-14
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2007-01-10
  
• 厂        商：
  
  avahi
• 漏洞来源：
  Steve Grubb discov…

Avahid本未验证netlink消息的发送方身份以确认消息是来自内核而非其他进程，本地用户可借此来哄骗网络转变到Avahi。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Avahi Avahi 0.5.2

Ubuntu avahi-daemon_0.5.2-1ubuntu1.2_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.2_i386.deb

Ubuntu avahi-daemon_0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.2_powerpc.deb

Ubuntu avahi-daemon_0.5.2-1ubuntu1.3_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.3_amd64.deb

Ubuntu avahi-daemon_0.5.2-1ubuntu1.3_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.3_i386.deb

Ubuntu avahi-daemon_0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-daemon_0 .5.2-1ubuntu1.3_powerpc.deb

Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.2_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.2_i386.deb

Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.3_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.3_amd64.deb

Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.3_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.3_i386.deb

Ubuntu avahi-dnsconfd_0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-dnsconfd _0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu avahi-utils_0.5.2-1ubuntu1.3_all.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/avahi-utils_0. 5.2-1ubuntu1.3_all.deb

Ubuntu libavahi-cil_0.5.2-1ubuntu1.3_all.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-cil_0 .5.2-1ubuntu1.3_all.deb

Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.2_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.2_i386.deb

Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.3_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.3_amd64.deb

Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.3_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.3_i386.deb

Ubuntu libavahi-client-dev_0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t-dev_0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu libavahi-client1_0.5.2-1ubuntu1.2_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.2_amd64.deb

Ubuntu libavahi-client1_0.5.2-1ubuntu1.2_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.2_i386.deb

Ubuntu libavahi-client1_0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.2_powerpc.deb

Ubuntu libavahi-client1_0.5.2-1ubuntu1.3_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.3_amd64.deb

Ubuntu libavahi-client1_0.5.2-1ubuntu1.3_i386.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.3_i386.deb

Ubuntu libavahi-client1_0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-clien t1_0.5.2-1ubuntu1.3_powerpc.deb

Ubuntu libavahi-common-dev_0.5.2-1ubuntu1.2_amd64.deb

Ubuntu 5.10:

http://security.ubuntu.com/ubuntu/pool/universe/a/avahi/libavahi-commo n-dev_0.5.2-1ubuntu1.2_amd64.deb

Ubuntu libavahi-common-dev_0.5.2-1ubuntu1.2_i38

来源: USN-380-1

名称: USN-380-1

链接:http://www.ubuntulinux.org/support/documentation/usn/usn-380-1

来源: SECUNIA

名称: 22852

链接:http://secunia.com/advisories/22852

来源: SECUNIA

名称: 22807

链接:http://secunia.com/advisories/22807

来源: MLIST

名称: [avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages

链接:https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html

来源: XF

名称: avahi-netlink-security-bypass(30207)

链接:http://xforce.iss.net/xforce/xfdb/30207

来源: BID

名称: 21016

链接:http://www.securityfocus.com/bid/21016

来源: SUSE

名称: SUSE-SR:2006:026

链接:http://www.novell.com/linux/security/advisories/2006_26_sr.html

来源: MANDRIVA

名称: MDKSA-2006:215

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:215

来源: GENTOO

名称: GLSA-200611-13

链接:http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml

来源: VUPEN

名称: ADV-2006-4474

链接:http://www.frsirt.com/english/advisories/2006/4474

来源: SECTRACK

名称: 1017257

链接:http://securitytracker.com/id?1017257

来源: SECUNIA

名称: 23042

链接:http://secunia.com/advisories/23042

来源: SECUNIA

名称: 23020

链接:http://secunia.com/advisories/23020

来源: MANDRIVA

名称: MDKSA-2006:215

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:215

来源: avahi.org

链接:http://avahi.org/milestone/Avahi%200.6.15

来源: SECUNIA

名称: 22932

链接:http://secunia.com/advisories/22932