- Status In Progress Reopened
- Percent Complete
- Task Type Security Issue
- Category Any
- Assigned To Márcio Silva André Silva
- Operating System All
- Severity Critical
- Priority Very High
- Reported Version Any
- Due in Version Undecided
- Due Date Undecided
- Votes 1
- Tobias Dausend (31/10/2019)
- Private
Attached to Project: Packages
Opened by André Silva - 18/01/2018
Last edited by André Silva - 16/10/2019
FS#646 - [avahi] blacklist package since it's a zeroconf implementation
Avahi is a zero-configuration networking implementation that contains critical security issues. Because mDNS operates under a different trust model than unicast DNS, trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]
Since it violates the Hyperbola Social Contract, Avahi should be blacklisted.
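The trust model described in the report can be checked for on a monitored segment. The following is an added example, not part of the original report and not Avahi or Hyperbola code: it parses mDNS responses and flags any name claimed by more than one sender, since nothing in the packet authenticates the claim. The function names are hypothetical and the capture is constructed from documentation addresses.

```python
import struct

def build_response(name, ip):  # constructed sample: minimal mDNS response, one A record
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    header = struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0)   # QR|AA set, one answer
    rr = struct.pack("!HHIH", 1, 0x8001, 120, 4)          # A, IN+cache-flush, TTL, len
    return header + qname + rr + bytes(int(o) for o in ip.split("."))

def read_name(pkt, off):
    """Decode a DNS name; the bounded loop stops compression-pointer cycles."""
    labels, end = [], None
    for _ in range(128):
        n = pkt[off]
        if n & 0xC0 == 0xC0:                              # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | pkt[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def a_records(pkt):
    """Return (name, ipv4) for each A record in a response's answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    off, out = 12, []
    if not flags & 0x8000:                                # queries carry no claims
        return out
    for _ in range(qd):                                   # skip question section
        off = read_name(pkt, off)[1] + 4
    for _ in range(an):
        name, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:
            out.append((name, ".".join(map(str, pkt[off + 10:off + 14]))))
        off += 10 + rdlen
    return out

def conflicting_names(capture):
    """Map each name claimed by more than one sender to its (sender, address) claims."""
    claims = {}
    for sender, pkt in capture:
        for name, ip in a_records(pkt):
            claims.setdefault(name, set()).add((sender, ip))
    return {n: sorted(c) for n, c in claims.items() if len({s for s, _ in c}) > 1}

# Constructed capture: (sender, UDP payload as seen on 224.0.0.251:5353)
CAPTURE = [(src, build_response(name, src)) for src, name in [
    ("192.0.2.10", "printer.local"), ("192.0.2.20", "nas.local"), ("192.0.2.66", "printer.local")]]
```

A multi-homed host answering from several interfaces will also be flagged, so a hit is a prompt to check which sender actually owns the name.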