[Bug 1233421] New: VUL-0: CVE-2024-52615: avahi: Avahi Wide-Area DNS Uses Constant Source Port
https://bugzilla.suse.com/show_bug.cgi?id=1233421

Bug ID: 1233421
Summary: VUL-0: CVE-2024-52615: avahi: Avahi Wide-Area DNS Uses Constant Source Port
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/428646/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: gnome-bugs@suse.de
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: stoyan.manolov@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

This vulnerability exposes Avahi-daemon to potential DNS spoofing attacks by using a fixed source port for queries. However, the impact is limited because it only affects wide-area DNS and can be mitigated by forwarding queries to local DNS resolvers (e.g., systemd-resolved), which provide better randomization. The impact is primarily on systems actively using wide-area DNS, with .local mDNS being unaffected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52615
https://bugzilla.redhat.com/show_bug.cgi?id=2326418

--
You are receiving this mail because:
You are on the CC list for the bug.
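A defender-side check for the class of weakness described in this report, added here as an illustration and not part of the bug report or of Avahi's code: given captured outbound DNS query metadata, it flags any host that sends every query from one UDP source port (the fixed-port pattern) and contrasts it with a host whose resolver varies the port per query. The capture lines, addresses and port numbers are constructed and do not reflect Avahi's actual port choice.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines for outbound UDP/53 queries (not a real capture).
# 192.0.2.10 stands in for a host whose resolver reuses a single source port;
# 192.0.2.20 for a host whose resolver picks a fresh port for each query.
SAMPLE_CAPTURE = """\
IP 192.0.2.10.32100 > 192.0.2.1.53: 1001+ A? example.net. (29)
IP 192.0.2.10.32100 > 192.0.2.1.53: 1002+ AAAA? example.net. (29)
IP 192.0.2.10.32100 > 192.0.2.1.53: 1003+ A? example.org. (29)
IP 192.0.2.10.32100 > 192.0.2.1.53: 1004+ A? example.com. (29)
IP 192.0.2.20.41873 > 192.0.2.1.53: 2001+ A? example.net. (29)
IP 192.0.2.20.55319 > 192.0.2.1.53: 2002+ AAAA? example.net. (29)
IP 192.0.2.20.60047 > 192.0.2.1.53: 2003+ A? example.org. (29)
IP 192.0.2.20.49512 > 192.0.2.1.53: 2004+ A? example.com. (29)
"""

# Source host, source port and destination port of one query line.
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > [\d.]+\.(\d+):")


def source_ports_by_host(capture: str) -> dict:
    """Collect, per source host, the UDP source ports used for queries to port 53."""
    ports = defaultdict(list)
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m and m.group(3) == "53":
            ports[m.group(1)].append(int(m.group(2)))
    return dict(ports)


def flag_constant_source_port(capture: str, min_queries: int = 3) -> dict:
    """Return {host: verdict}: 'constant' when at least min_queries queries all
    left from the same port, 'varying' when the ports differ, and
    'insufficient' when too few queries were seen to judge."""
    verdicts = {}
    for host, ports in source_ports_by_host(capture).items():
        if len(ports) < min_queries:
            verdicts[host] = "insufficient"
        elif len(set(ports)) == 1:
            verdicts[host] = "constant"
        else:
            verdicts[host] = "varying"
    return verdicts


if __name__ == "__main__":
    for host, verdict in flag_constant_source_port(SAMPLE_CAPTURE).items():
        print(f"{host}: source port {verdict}")
```

A host reported as "constant" is the one to move behind a local resolver such as systemd-resolved, as the report's mitigation suggests; a few queries from the same port are not by themselves conclusive, which is why the check requires a minimum sample size.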
https://bugzilla.suse.com/show_bug.cgi?id=1233421

SMASH SMASH <smash_bz@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |CVSSv3.1:SUSE:CVE-2024-52615:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
                   |                            |CVSSv4:SUSE:CVE-2024-52615:6.3:(AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)
https://bugzilla.suse.com/show_bug.cgi?id=1233421

Stoyan Manolov <stoyan.manolov@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gnome-bugs@suse.de
              Flags|                            |needinfo?(gnome-bugs@suse.de)
https://bugzilla.suse.com/show_bug.cgi?id=1233421

SMASH SMASH <smash_bz@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
https://bugzilla.suse.com/show_bug.cgi?id=1233421
https://bugzilla.suse.com/show_bug.cgi?id=1233421#c2

Cliff Zhao <qzhao@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |qzhao@suse.com

--- Comment #2 from Cliff Zhao <qzhao@suse.com> ---
(In reply to SMASH SMASH from comment #0)
> This vulnerability exposes Avahi-daemon to potential DNS spoofing attacks by using a fixed source port for queries. However, the impact is limited because it only affects wide-area DNS and can be mitigated by forwarding queries to local DNS resolvers (e.g., systemd-resolved), which provide better randomization. The impact is primarily on systems actively using wide-area DNS, with .local mDNS being unaffected.
> References:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-52615

It returns "CVE ID Not Found" at the above link. Maybe this CVE has been closed? So I could not get detailed information. May I kindly ask our esteemed security team to look into the cause? Thank you!
https://bugzilla.suse.com/show_bug.cgi?id=1233421
https://bugzilla.suse.com/show_bug.cgi?id=1233421#c4

Cliff Zhao <qzhao@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(gnome-bugs@suse.de) |
           Assignee|gnome-bugs@suse.de          |qzhao@suse.com

--- Comment #4 from Cliff Zhao <qzhao@suse.com> ---
(In reply to Andreas Stieger from comment #3)
> The NVD would record a rejected CVE as such. In this case the CVE was assigned by a CNA, with data ingestion into NVD pending.
>
> More relevant advisory: https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
That's what I want. Thank you. I can take it.