Packages

  • Status In Progress   Reopened
  • Percent Complete
    0%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    Márcio Silva
    André Silva
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 1
  • Private
Attached to Project: Packages
Opened by André Silva - 18/01/2018
Last edited by André Silva - 16/10/2019

FS#646 - [avahi] blacklist package since it's a zeroconf implementation

Avahi is a zero-configuration networking implementation that contains critical security issues because mDNS operates under a different trust model than unicast DNS trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]

Since it violates the Hyperbola Social Contract , Avahi should be blacklisted.

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing