CVE-2021-26720
Description
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.069
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-debuginfo-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-debuginfo-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-debugsource-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-glib2-debugsource-0.6.32-32.12.3.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-lang-0.6.32-32.12.2.noarch.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-utils-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) avahi-utils-debuginfo-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-client3-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-client3-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-client3-debuginfo-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-client3-debuginfo-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-common3-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-common3-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-common3-debuginfo-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-common3-debuginfo-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-core7-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-core7-debuginfo-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-glib1-0.6.32-32.12.3.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-glib1-32bit-0.6.32-32.12.3.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-glib1-debuginfo-0.6.32-32.12.3.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libavahi-glib1-debuginfo-32bit-0.6.32-32.12.3.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libdns_sd-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libdns_sd-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libdns_sd-debuginfo-0.6.32-32.12.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0563-1(SUSE Linux Enterprise Server 12-SP5 ) libdns_sd-debuginfo-32bit-0.6.32-32.12.2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234