CVE-2024-52616
Publication date 21 November 2024
Last updated 21 January 2025
Ubuntu priority
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.
Mitigation
This issue can be mitigated by disabling wide-area DNS queries. This can be done by setting enable-wide-are=no in /etc/avahi/avahi-daemon.conf
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| avahi | 24.10 oracular |
Vulnerable, fix deferred
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
|
| 14.04 LTS trusty | Ignored end of ESM support, was needs-triage |
Notes
mdeslaur
Avahi upstream hasn't fixed this issue, but they now disable wide-area by default: https://github.com/avahi/avahi/pull/577 Another bug exists to track improving wide-area: https://github.com/avahi/avahi/issues/578
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |