reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502) #338

Closed
carnil opened this issue Apr 26, 2021 · 2 comments

carnil commented Apr 26, 2021

Hi

An issue was reported in Debian as https://bugs.debian.org/986018 which got CVE-2021-3502 assigned. Quoting the report:

Package: avahi-daemon
Version: 0.8-5
Severity: important
Tags: security
Control: notfound -1 0.7-4+b1

Dear Maintainers,

I found another local denial-of-service vulnerability in avahi-daemon.
It can be triggered by trying to resolve badly-formatted hostnames on
the /run/avahi-daemon/socket interface (I stumbled upon it, accidentally
trying to resolve an IP as a hostname...)
This time the daemon just dies, and this time buster is not affected.

Steps to reproduce:
  $ (echo "RESOLVE-HOSTNAME a"; sleep 3;) | socat - /run/avahi-daemon/socket
  $ ps -FC avahi-daemon

Same results for these queries: "a.", ".a", "a..b", ".b.c", "a.b.."

Note that every local user has access to the socket.


Yours
Thomas Kremer
@carnil changed the title from "eachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502)" to "reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502)" on Apr 26, 2021
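An added example, not Avahi's code and not the fix referenced in this thread: a handler for request lines from a local socket that answers the six malformed names from the report with an error code instead of reaching an assertion. The function names, result codes and the validity rule (at least two non-empty labels, no leading or trailing dot) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch (not Avahi's). */
enum { REQ_OK = 0, REQ_ERR_UNKNOWN_COMMAND = -1, REQ_ERR_INVALID_HOST_NAME = -2 };

/* Assumed rule, chosen so that all six strings from the report fail:
 * at least two labels, each 1..63 bytes, no leading or trailing dot.
 * This is not Avahi's own validity check. */
static int hostname_is_well_formed(const char *name) {
    size_t label_len = 0, labels = 0;
    for (const char *p = name; ; p++) {
        if (*p != '.' && *p != '\0') { label_len++; continue; }
        if (label_len == 0 || label_len > 63)
            return 0;                 /* empty or oversized label */
        labels++;
        label_len = 0;
        if (*p == '\0')
            return labels >= 2;       /* a lone label such as "a" fails */
    }
}

/* Handles one request line read from the local socket. Malformed input is
 * an expected condition, so it maps to an error code, never to assert(). */
int handle_request_line(const char *line) {
    static const char cmd[] = "RESOLVE-HOSTNAME ";
    if (strncmp(line, cmd, sizeof cmd - 1) != 0)
        return REQ_ERR_UNKNOWN_COMMAND;
    if (!hostname_is_well_formed(line + sizeof cmd - 1))
        return REQ_ERR_INVALID_HOST_NAME;
    return REQ_OK;                    /* safe to hand to the resolver */
}

/* Runs the six queries listed in the report; returns how many were rejected. */
int count_rejected_report_queries(void) {
    static const char *const names[] = {"a", "a.", ".a", "a..b", ".b.c", "a.b.."};
    char line[64];
    int rejected = 0;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        snprintf(line, sizeof line, "RESOLVE-HOSTNAME %s", names[i]);
        rejected += handle_request_line(line) == REQ_ERR_INVALID_HOST_NAME;
    }
    return rejected;
}

int main(void) {
    printf("rejected %d of 6 report queries\n", count_rejected_report_queries());
    printf("host.local -> %d\n", handle_request_line("RESOLVE-HOSTNAME host.local"));
    return 0;
}
```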
Author

carnil commented Apr 26, 2021

Additional downstream reference: https://bugzilla.redhat.com/show_bug.cgi?id=1946914

Contributor

rantala commented Apr 27, 2021

Hi,

Based on quick testing this PR fixes it, can you also try it and confirm?
#324

@lathiat lathiat closed this as completed in fd482a7 Jun 4, 2021
@lathiat lathiat added this to the v0.9 milestone Jun 4, 2021
evverx added a commit to evverx/avahi that referenced this issue Dec 2, 2022
to catch issues like avahi#330
and avahi#338
evverx added a commit to evverx/avahi that referenced this issue Oct 31, 2023
evverx added a commit that referenced this issue Oct 31, 2023