Debian Bug report logs - #614785
avahi-daemon uses 100% of cpu when scanned with nmap (DoS possible?)

Package: avahi-daemon; Maintainer for avahi-daemon is Utopia Maintenance Team <>; Source for avahi-daemon is src:avahi.

Reported by: Alexander Kurtz <>

Date: Wed, 23 Feb 2011 12:39:01 UTC

Severity: critical

Tags: security

Found in versions avahi/0.6.27-2, avahi/0.6.23-3lenny2

Fixed in versions avahi/0.6.28-4, avahi/0.6.27-2+squeeze1, avahi/0.6.23-3lenny3

Done: Michael Biebl <>

Bug is archived. No further changes may be made.

Subject: Bug#614785: Found too in oldstable/lenny?
Date: Thu, 24 Feb 2011 15:52:51 +0100
From: Michael Biebl <>
To: Alexander Kurtz <>
CC: Salvatore Bonaccorso <>,,

On 24.02.2011 15:48, Alexander Kurtz wrote:
> So, the code which introduced this vulnerability (CVE-2011-1002[1]) was
> actually added[2] when fixing another vulnerability (CVE-2010-2244[3]).
> As a consequence, lenny IS indeed vulnerable and needs to be fixed too.


I uploaded a fixed lenny package to oldstable-security 30min ago.


Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
