Описание
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | not-affected | 0.8-3ubuntu2 |
| esm-infra-legacy/trusty | deferred | |
| esm-infra/bionic | deferred | |
| esm-infra/focal | not-affected | 0.7-4ubuntu7 |
| esm-infra/xenial | deferred | |
| focal | not-affected | 0.7-4ubuntu7 |
| groovy | not-affected | 0.8-3ubuntu1 |
| hirsute | not-affected | 0.8-3ubuntu2 |
| impish | not-affected | 0.8-3ubuntu2 |
Показывать по
EPSS
4.6 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...
EPSS
4.6 Medium
CVSS2
7.8 High
CVSS3