
avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)



Package: avahi-daemon
Version: 0.6.27-2
Tags: security
Severity: critical
Justification: Introduces possible denial-of-service scenario.

Hi,

when I scan my server from another machine on the network using nmap, I
get this:

	# nmap -sU -p5353 192.168.2.2

	Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-23 13:15 CET
	Interesting ports on 192.168.2.2:
	PORT     STATE         SERVICE
	5353/udp open|filtered zeroconf
	MAC Address: XX:XX:XX:XX:XX:XX (Netgear)

	Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
	# 

As soon as the scan starts, avahi-daemon on the server starts running
amok, top shows this: 

	  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
	 5535 avahi     20   0 33884 1600 1280 R  100  0.0   2:28.47 avahi-daemon

Restarting avahi-daemon is not possible: 

	# /etc/init.d/avahi-daemon restart
	Restarting Avahi mDNS/DNS-SD Daemon: avahi-daemonFailed to kill daemon: Timer expired
	.
	#

Simply terminating the process doesn't work either: 

	# ps -Af | grep avahi-daemon
	avahi     5535     1 87 13:14 ?        00:04:43 avahi-daemon: running [server.local]
	avahi     5536  5535  0 13:14 ?        00:00:00 avahi-daemon: chroot helper
	root      5610  5581  0 13:20 pts/2    00:00:00 grep avahi-daemon
	# kill 5535
	# ps -Af | grep avahi-daemon
	avahi     5535     1 88 13:14 ?        00:05:02 avahi-daemon: running [server.local]
	avahi     5536  5535  0 13:14 ?        00:00:00 avahi-daemon: chroot helper
	root      5614  5581  0 13:20 pts/2    00:00:00 grep avahi-daemon
	#

Forcibly killing the process works:

	# kill -9 5535
	# ps -Af | grep avahi-daemon
	root      5629  5581  0 13:23 pts/2    00:00:00 grep avahi-daemon
	# 

I don't know what kind of data nmap sends when scanning for open UDP
ports, but it definitely shouldn't cause avahi-daemon to run amok.

Please note that I have not changed the Avahi configuration in any way,
so you should be able to reproduce this easily. Please tell me if you
need any more information!

Best regards

Alexander Kurtz
